HTML Webauthn Projects
-
Sure, but why not preserve the option for people to use hardware keys?
Unfortunately, both the FIDO and WebAuthn working groups seem to be dead-set on making the hardware authenticator use case as painful as possible [1] [2] [3].
I just don't get it. Why even try to pretend that WebAuthn is a single API for both use cases when all stakeholders in charge seem to have given up on one of them?
[1] https://github.com/fido-alliance/how-to-fido/issues/16
-
Project mention: Krptn: User Auth and Encryption of data at rest, derived from users’ credentials | news.ycombinator.com | 2023-09-12
Hello, all!
Encryption and user authentication are crucial to cybersecurity.
Encryption can be implemented at various levels. I believe that handling encryption at the application level is the most secure since it decreases the attack surface. For example, the SQL server doesn’t get to see the plaintext.
Krptn is a piece of software I’m currently building which could be used as a user authentication service, which also handles encryption (at the application level) of the user’s associated data (e.g., the user’s phone number).
(Krptn only has a Python API right now.)
It would run in the same server instance as your Python code, so no need to host anything new (decreased complexity) - just install the Python module and call the APIs.
For additional security, I designed the system to derive the encryption keys from the users’ credentials. This prevents an attacker who gains access to the database from being able to decrypt all the data since the encryption keys aren’t stored anywhere. Additionally, each user gets an asymmetric keypair. This enables users to share specific pieces of information with each other.
I know that, for many projects, this level of encryption is not required to secure their system and hence not everyone would benefit from using this. But I hope that for the people who do wish to have such security, this project will help.
It would be much appreciated if you would try this out. Please let me know what you think of this! Also please provide some feedback if you have any!
Here is an example Django integration: https://github.com/krptn/djangoExample
Here is an example Flask integration: https://github.com/krptn/flaskExample
GitHub repo: https://github.com/krptn/krypton
HTML Webauthn related posts
- Passkeys – Under the Hood
- Implement passkeys on our own sites
- Passkeys now support external providers
- What are passkeys?
- Understanding Passkeys
- Once Passkey Rolls Out, Doesn't It Negate the Argument To Keep TOTPs on A Separate App?
- Interested about passkeys but
Index
Rank | Project | Stars |
---|---|---|
1 | webauthn | 1,091 |
2 | flaskExample | 3 |