New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Authentication with security keys and the WebAuthn API #910
Conversation
|
The latest updates on your projects. Learn more about Vercel for Git ↗︎
|
Codecov Report
@@ Coverage Diff @@
## main #910 +/- ##
==========================================
- Coverage 96.61% 96.52% -0.09%
==========================================
Files 39 39
Lines 6139 6212 +73
Branches 375 384 +9
==========================================
+ Hits 5931 5996 +65
- Misses 208 216 +8
Help us with your feedback. Take ten seconds to tell us how you rate us. Have a feature suggestion? Share it here. |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
🚀
Introduce the SDK's part of security keys with WebAuthn
Note
A changeset will be added once this PR passed its review
@nhost/hasura-auth-js
securityKey: true
makes the distinction withnhost.auth.signIn({ email })
that authenticates with a magic link.nhost.auth.removeSecurityKey
ornhost.auth.listSecurityKeys
have been added, as listing/deleting keys occur through the GraphQL api, and@nhost/hasura-auth-js
cannot access to the parentnhost.graphql
client.To import
@nhost/nhost-js
in@nhost/hasura-auth-js
would create a circular dependency.Happy to discuss about the matter.
@nhost/react
@nhost/vue
Will come in another PR once this one is merged
Tests
No e2e tests have been added because cypress does not support the WebAuthn API.
Szilard you may have an opinion about testing the Auth state.
React-Apollo example
Example has been updated to show case the addition, listing and deletion of security keys, and the sign-in.
Documentation
Internals
@simplewebauthn/browser
. Until a better workaround is found (or NextJs gets up to speed), we bundle this package to avoid users being forced to addexperimental.esmExternals: 'loose'
to their NextJs config - and to avoid the risk of other unidentified frameworks being incompatible with this release.CodifiedError
extendsError
, with anerror
that contains the codified error. It helps catching rejected promises in a consistent way