Replies: 1 comment 2 replies
-
Note we also have: |
Beta Was this translation helpful? Give feedback.
2 replies
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
-
So the landscape and story surrounding Webauthn and friends is complicated and in flux.
Recently FIDO2 and some passkey announcements look to be shaking up this space this year and beyond.
https://fidoalliance.org/passkeys/
Unfortunately however Webview based applications seem to be in the worst shape of all options right now. Meaning you will have to either use a supported Browser, or use native OS libraries (when they exist). And we're not alone in this as you'd expect: electron/electron#24573
Android SDK: Fido2ApiClient
Windows Hello: FIDO2 Win32 APIs
macOS, iOS: WebAuthn via ASWebAuthenticationSession
Linux: 🤷 😅
(I haven't gotten the current listing of all Webview opinions on this matter.)
Right now, for Tauri users this means they don't have reliable cross-platform access to these features in the Webview, using Webauthn. And the alternative is to use the native calls, which also aren't on every platform.
Now I don't want to get too anti here, but there's something more to keep in mind about the "native" libraries listed there. Notice that standards are available at every level:
Yet where do these native libraries live?
Unfortunately, the big platforms seems to have rolled their own implementation and laced it with an agenda to use their accounts and services. 😢 There are positives to it as well though. Such as syncing passkeys within that ecosystem. But given how many standards are available. There seems to be a distinct lack of a vendor neutral implementation here.
Enter cool initiatives like https://github.com/AlfioEmanueleFresta/xdg-credentials-portal
An attempt to create the missing Linux portal for it, along with a rust implementation while they're at it 😮
Previously based off https://github.com/mozilla/authenticator-rs which is a WIP crate to add FIDO2 support to Firefox.
And another vendor shows here https://hwsecurity.dev/guide/fido-webview/ it is feasible to independently implement this and bridge it into a webview. (Java implemenation for Android / Xamarin there)
Something I've not extensively looked at yet, is any official stance / status on every webview.
Mentions:
#2261
#6471
https://discord.com/channels/616186924390023171/1090685771754766481
Beta Was this translation helpful? Give feedback.
All reactions