Passkeys support in Users Service

As per Save and Sign In with Passkeys Using 1Password on the Web and iOS | 1Password

Passkeys are a relatively new way to sign in to apps and services, and I prefer them to password+MFA. It is essentially a biometrics login (fingerprint, face ID).

It seems Apple has led the way along with Google. It is already on most devices with cross-device compatibility rolling out as we speak. The link below has developer resources on how to use passkeys for auth.

Some Googling and I found that one service and a GitHub repo offer passkey support for Python apps:

Would this also include something like a YubiKey? Might be useful for apps that have access to sensitive data, like for a company or crypto transactions.

The good news: YubiKeys (and all Passkeys) are U2F tokens, and therefore supported out of the box by Anvil’s Users service as a second factor.

What doesn’t (at time of writing) work out of the box is for the Passkey to provide the user’s identity as well as authentication, or for the Passkey to be the only authentication factor (instead of password). This is a rather more complicated affair, and I think this is what @yahiakalabs is asking for in this FR.


That’s right - a fully password-less experience without requiring Google or other identity providers which might support Passkeys. The Passkey would be the only authentication factor (identity + authentication).

As I understand it, this isn’t yet possible in the non-Anvil world either - passkeys maintained by the big identity providers are intrinsically linked to your identity there, and while it might be possible to use passkeys this way with ones stored in password managers, you still have the issue of needing to decrypt them before use with some sort of token, and that token is going to be linked to an identity somehow (I believe the big IdPs use account password for this purpose).

That may be true under the hood - I don’t know enough to say for sure. It seems to me that there is a way to implement this independent of a major identity provider like Google or Apple.

It might be a tad early for smaller players like Anvil to implement this, but here’s a list of current software companies who have implemented passkeys. It is mostly big tech or big retail companies but there are some smaller ones that have implemented it too.