HTML Webauthn Projects

• webauthn

  32 1,091 9.0 HTML

  Web Authentication: An API for accessing Public Key Credentials

  

  Project mention: Passkeys – Under the Hood | news.ycombinator.com | 2024-03-17

  Sure, but why not preserve the option for people to use hardware keys?

  Unfortunately, both the FIDO and WebAuthN working groups seem to be dead-set on making the hardware authenticator use case as painful as possible [1] [2] [3].

  I just don't get it. Why even try to pretend that WebAuthN is a single API for both use cases when all stakeholders in charge seem to have given up on one of them?

  [1] https://github.com/fido-alliance/how-to-fido/issues/16

  [2] https://github.com/w3c/webauthn/issues/1612

  [3] https://github.com/w3c/webauthn/issues/1822

• flaskExample

  1 3 3.0 HTML

  Example Krptn Integration with Django

  

  Project mention: Krptn: User Auth and Encryption of data at rest, derived from users’ credentials | news.ycombinator.com | 2023-09-12

  Hello, all!

  Encryption and user authentication are crucial to cybersecurity.

  Encryption can be implemented at various levels. I believe that handling encryption at the application level is the most secure since it decreases the attack surface. For example, the SQL server doesn’t get to see the plaintext.

  Krptn is a piece of software I’m currently building which could be used as a user authentication service, which also handles encryption (at the application level) of the user’s associated data (e.g.: the users’ phone number).

  (Krptn only has a Python API right now.)

  It would run in the same server instance as your Python code, so no need to host anything new (decreased complexity) - just install the Python module and call the APIs.

  For additional security, I designed the system to derive the encryption keys from the users’ credentials. This prevents an attacker who gains access to the database from being able to decrypt all the data since the encryption keys aren’t stored anywhere. Additionally, each user gets an asymmetric keypair. This enables users to share specific pieces of information with each other.

  I know that, for many projects, this level of encryption is not required to secure their system and hence not everyone would benefit from using this. But I hope that for the people who do wish to have such security, this project will help.

  It would be much appreciated if you would try this out. Please let me know what you think of this! Also please provide some feedback if you have any!

  Here is an example Django integration: https://github.com/krptn/djangoExample

  Here is an example Flask integration: https://github.com/krptn/flaskExample

  GitHub repo: https://github.com/krptn/krypton

• WorkOS

  workos.com

  sponsored

  The modern identity platform for B2B SaaS. The APIs are flexible and easy-to-use, supporting authentication, user identity, and complex enterprise features like SSO and SCIM provisioning.

  

HTML Webauthn related posts

• Passkeys – Under the Hood
  2 projects | news.ycombinator.com | 17 Mar 2024
• Implement passkeys on our own sites
  1 project | /r/webdev | 7 Jun 2023
• Passkeys now support external providers
  2 projects | news.ycombinator.com | 6 Jun 2023
• What are passkeys?
  2 projects | /r/Bitwarden | 5 Jun 2023
• Understanding Passkeys
  3 projects | news.ycombinator.com | 18 May 2023
• Once Passkey Rolls Out, Doesn't It Negate the Argument To Keep TOTPs on A Separate App?
  1 project | /r/Bitwarden | 16 May 2023
• Interested about passkeys but
  1 project | /r/Bitwarden | 4 Apr 2023
• A note from our sponsor - WorkOS
  workos.com | 18 Apr 2024

  The APIs are flexible and easy-to-use, supporting authentication, user identity, and complex enterprise features like SSO and SCIM provisioning. Learn more →

Index

Sponsored

SaaSHub - Software Alternatives and Reviews

SaaSHub helps you find the best software and product alternatives

www.saashub.com

Do not miss the trending HTML projects with our weekly report!