Skip to content

bhouston/passwordless-login

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

15 Commits
.github/workflows
.github/workflows
 
 
.husky
.husky
 
 
.vscode
.vscode
 
 
docs
docs
 
 
public
public
 
 
scripts
scripts
 
 
src
src
 
 
tests/e2e
tests/e2e
 
 
.cta.json
.cta.json
 
 
.env.example
.env.example
 
 
.gitignore
.gitignore
 
 
.nvmrc
.nvmrc
 
 
.oxfmtrc.json
.oxfmtrc.json
 
 
.oxlintrc.json
.oxlintrc.json
 
 
Dockerfile
Dockerfile
 
 
README.md
README.md
 
 
components.json
components.json
 
 
drizzle.config.ts
drizzle.config.ts
 
 
package.json
package.json
 
 
pnpm-lock.yaml
pnpm-lock.yaml
 
 
pnpm-workspace.yaml
pnpm-workspace.yaml
 
 
tsconfig.base.json
tsconfig.base.json
 
 
tsconfig.json
tsconfig.json
 
 
vite.config.ts
vite.config.ts
 
 
vitest.config.ts
vitest.config.ts
 
 
vitest.e2e.config.ts
vitest.e2e.config.ts
 
 

Repository files navigation

Creating a Passwordless Login System

Demo application for the March 2026 Forward JS presentation on passwordless logins:

  • Email OTP to establish account identity
  • Passkeys (WebAuthn) to authenticate without shared secrets

Links:

Why this exists

Passwords are a shared-secret liability. Even hashed password databases become breach targets, and users still end up juggling weak passwords or password managers.

This project demonstrates a simpler model:

  1. User signs up with username + email.
  2. App verifies ownership via email one-time code.
  3. User registers a passkey.
  4. Future logins use passkeys by default (with OTP fallback paths available in the demo).

Passkeys are effectively SSH-style public/private key auth in the browser. Private keys remain on user devices and are scoped to your relying party (rpId).

Stack

  • TanStack Start + Router
  • React + TypeScript
  • Tailwind CSS + shadcn/ui
  • SimpleWebAuthn (@simplewebauthn/browser and @simplewebauthn/server)
  • SQLite + Drizzle ORM

Run locally

Install sqlite:

# MacOS
brew install sqlite

# Linux
sudo apt-get install sqlite3

# Windows
choco install sqlite

Run app

pnpm install
pnpm db:init
pnpm dev

The app runs on http://localhost:3100.

Test

pnpm test
pnpm test:e2e

Important demo caveats

This repository is intended for learning and live demos.

  • Do not deploy unmodified to production.
  • Production hardening is intentionally incomplete (for example: rate limiting).
  • Email delivery is simplified for demo flow verification.

Author

Ben Houston, Sponsored by Land of Assets

About

No description, website, or topics provided.

Resources

Readme
Activity

Stars

1 star

Watchers

0 watching

Forks

0 forks
Report repository

Releases

No releases published

Packages

 
 
 

Contributors

Languages