Login with Passkeys!!

[charliescheer]

Fix

To improve the security of Simplenote accounts we are trying to move away from email/password authentication as it is insecure at best. One of the things we are implementing is Passkeys. This will allow users to create and store passkeys on their apple device and when they go to log into their account rather than using an email and password they only need to put in their email and then use the local biometrics to receive a passkey and then authenticate into Simplenote.

This has a bunch of security benefits and should also help users keep from losing their passwords.

Sign up for passkeys:

RPReplay_Final1718384460.mp4

Login with passkeys:

RPReplay_Final1718384268.mp4

Test

1. Clean install Simplenote on device (can't access biometrics on sim) Tap on login and choose to login with email and password
2. Once logged in go to the menu -> Settings and in the account section you will see a "Add Passkey Authentication" button. Press that. After a few seconds you will receive a notice from device asking if you want to create a passkey. Confirm and wait a few seconds. (NOTE: Currently there is no spinner or success/failure indication, that will be in a future PR)
3. Log out of Simplenote
4. Tap on the Login button and choose Login with Passkeys
5. Enter your email and tap on the Login with Passkeys Button
6. after a few seconds you will be prompted by device if you want to login with passkeys, confirm

• Confirm you are able to log into your Simplenote account.

Review

(Required) Add instructions for reviewers. For example:

Only one developer is required to review these changes, but anyone can perform the review.

Release

(Required) Add a concise statement to RELEASE-NOTES.txt if the changes should be included in release notes. Include details about updating the notes in this section. For example:

RELEASE-NOTES.txt was updated in 0c4129 with:

Added Passkey authentication support

[dangermattic]

	2 Warnings
⚠️	This PR is larger than 500 lines of changes. Please consider splitting it into smaller PRs for easier and faster reviews.
⚠️	PR is not assigned to a milestone.

Generated by 🚫 Danger

[wpmobilebot]

You can test the changes in simplenote-ios from this Pull Request by:

• Clicking here or scanning the QR code below to access App Center
• Then installing the build number pr1599-7e524e0-019017ab-e275-4c9a-8184-574412bb1e22 on your iPhone

If you need access to App Center, please ask a maintainer to add you.

[roundhill]

Can you add a / onto the end of all of these endpoints? It will save app engine from doing a redirect.

[jleandroperez]

Rather than converting every line into Data, adding them all up and returning, we can build the string and convert just once, in the last statement

[jleandroperez]

Sending you a few notes, looking great Charlie!!

[jleandroperez]

SPAuthViewController has an instance of SPAuthHandler, which, in turn, has a reference to SPAuthenticator.

No need to use a singleton for this one! 😄

[jleandroperez]

This property appears not to be in use anywhere, perhaps it's a leftover?

[jleandroperez]

😎

[jleandroperez]

Caaaan we add a comment mentioning why this was required (rather than the standard initializer?)

Thank youuu!!

[jleandroperez]

It should never crash, but perhaps we should avoid the force unwrap on this one

[jleandroperez]

Nipticky: Indentation is a bit off in these few lines

[jleandroperez]

We should get the email via parameter (rather than coupling the initializer with the AppDelegate)