I solved this for django-tokenauth[1] by making the token short and easy for humans to type in. Depending on how many tokens you have in flight at once, you can use very few digits.
[1] https://github.com/skorokithakis/django-tokenauth
That's a one-time thing; the website is supposed to prompt you after that QR login whether you'd like to enroll your local authenticator (Chrome, Edge, Firefox, etc.) after you log in, so you don't need to keep using the QR code.
The concept is that many people will frequently have multiple passkeys, thus not be 'locked in' to any one sync ecosystem.
From https://github.com/w3c/webauthn/wiki/Explainer:-broadening-t...
> When signing in on a different computer, either the credential will already be locally present (if the computer is using the same sync fabric as the phone) and suggested by autocomplete, or else the user’s phone can be used to transmit the assertion to the computer. In the latter case, the service may invite the user to enroll a local platform authenticator for easier sign-in in the future. (Now the newly registered credential may be part of a different sync fabric, and thus enable local sign-in on other devices.)