webauthn-ruby
rotp
webauthn-ruby | rotp | |
---|---|---|
5 | 6 | |
624 | 1,573 | |
1.6% | - | |
5.9 | 6.1 | |
2 months ago | 4 months ago | |
Ruby | Ruby | |
MIT License | MIT License |
Stars - the number of stars that a project has on GitHub. Growth - month over month growth in stars.
Activity is a relative number indicating how actively a project is being developed. Recent commits have higher weight than older ones.
For example, an activity of 9.0 indicates that a project is amongst the top 10% of the most actively developed projects that we are tracking.
webauthn-ruby
-
Passkey Authentication with Rodauth
Rodauth provides first class support for passkeys, implemented on top of the excellent webauthn-ruby gem. It enables using passkeys as a multifactor authentication method, or for passwordless login and registration. In addition to routes, views and database storage, it also provides the complete JavaScript part that interacts with Web Authentication API for zero configuration.
-
I’ve started discussion + work on updating Devise to support passkeys; we need contributors!
Would it make sense to leverage another gem like https://github.com/cedarcode/webauthn-ruby for this? Or are we thinking a completely devise internal implementation? Either way I’m interested in contributing to this movement for devise
-
Apple Passkey
I've used this gem for rails apps https://github.com/cedarcode/webauthn-ruby
-
Multi-Factor Authentication for Rails with WebAuthn and Devise
Luckily, there is a WebAuthn gem for Ruby (thanks!) that will do all the hard work for us. Just run bundle add webauthn.
-
Best practices for Two Factor Auth / 2FA in 2021?
All OTP-based 2FA methods are phishable. For real security, you should be looking at FIDO (U2F or WebAuthN)
rotp
-
Rails Authentication for Compliance
Your authentication mechanism should include multiple factors, something the user knows and something the user has. If you are using Devise, you can use the devise-two-factor gem. If you have custom authentication, you can use the rotp gem to generate OTP codes and verify those during login.
-
Is there any particular gem like Devise which makes the user Login with phone mumber and use otp to Login imstead of a password??
Aside from SMS scams, SMS is the least secure type of 2FA. I recommend implementing OTP via authenticator apps like Authenticator and 1Password. You can use the rotp gem for this: https://github.com/mdp/rotp
-
How to verify a user email with an activation code rather than an activation link?
What you're describing sounds a lot like OTP https://github.com/mdp/rotp. It's a well known and standard way of issuing one time passwords (typically 6 digits that a user confirms by entering it in).
-
Modern 2FA gem for Devise
rotp: https://github.com/mdp/rotp and
-
Best practices for Two Factor Auth / 2FA in 2021?
Use https://github.com/mdp/rotp/ -- it's super simple to get TOTP 2FA set up. Friends don't let friends use SMS 2FA.
-
26 most popular Ruby/Rails repositories on GitHub in July-August 2020
ROTP (The Ruby One Time Password Library) is a Ruby library for generating and validating one time passwords (HOTP & TOTP) according to RFC 4226 and RFC 6238. It is compatible with Google Authenticator available for Android and iPhone and any other TOTP based implementations. 1,217 stars by now
What are some alternatives?
webauthn-with-devise - The companion app for the article "Secure authentication for Rails with WebAuthn and Devise"
devise-two-factor - Barebones two-factor authentication with Devise
devise-2fa - Devise 2FA with Time Based OTP/rfc6238 tokens and encrypted secrets.
rainbow - Ruby gem for colorizing printed text on ANSI terminals
fido2-net-lib - FIDO2 .NET library for FIDO2 / WebAuthn Attestation and Assertion using .NET
motion - Reactive frontend UI components for Rails in pure Ruby
devise-otp - Two Factors authentication for Devise using Time Based OTP/rfc6238 tokens.
TTY - Toolkit for developing sleek command line apps.
fido2 - Open-source FIDO server, featuring the FIDO2 standard. https://demo4.strongkey.com/getstarted/#/openapi/fido
rails-auth - Modular resource-based authentication and authorization for Rails/Rack
webauthn-json - 🔏 A small WebAuthn API wrapper that translates to/from pure JSON using base64url.
torch.rb - Deep learning for Ruby, powered by LibTorch