Hey everyone, I recently implemented passkeys in a Phoenix Elixir app using SimpleWebAuthn. Let me know what you guys think.
There might be something fundamentally wrong with this approach. As far as I understand, all security checks are performed in the browser.
Let’s say I lost my security key. What prevents me from modifying the REST calls to tell the BE WebAuthn security checks were successfully performed anyway?
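The question above comes down to whether the backend verifies the assertion itself or accepts the client's word for it. As an added example (not from this thread or the linked app, and using Node's built-in `crypto` rather than SimpleWebAuthn), the sketch below contrasts a backend that trusts a client-reported flag with one that checks the authenticator's signature over a challenge it issued. `RP_ID`, `ORIGIN` and all function names are assumptions, and the key pair and challenge are constructed sample data.

```javascript
// Added example: all names here are illustrative, not taken from the linked app.
const crypto = require('node:crypto');

const RP_ID = 'example.test';            // constructed relying-party ID
const ORIGIN = 'https://example.test';   // constructed origin
const sha256 = (b) => crypto.createHash('sha256').update(b).digest();

// Stand-in for the authenticator (the security key): only it holds privateKey.
function signAssertion(privateKey, challenge, origin = ORIGIN) {
  const clientDataJSON = Buffer.from(JSON.stringify({
    type: 'webauthn.get', challenge: challenge.toString('base64url'), origin }));
  // authenticatorData = rpIdHash (32) || flags (1, 0x01 = user present) || signCount (4)
  const authenticatorData = Buffer.concat([sha256(RP_ID), Buffer.from([0x01, 0, 0, 0, 1])]);
  const signature = crypto.sign('sha256',
    Buffer.concat([authenticatorData, sha256(clientDataJSON)]), privateKey);
  return { clientDataJSON, authenticatorData, signature };
}

// Weak backend: believes whatever the request body claims.
const trustingBackend = (body) => body.verified === true;

// Backend that checks the assertion itself, against the challenge it issued
// and the public key it stored at registration.
function verifyAssertion(body, expectedChallenge, publicKey) {
  const { clientDataJSON, authenticatorData, signature } = body;
  if (!clientDataJSON || !authenticatorData || !signature) return false;
  let clientData;
  try { clientData = JSON.parse(clientDataJSON.toString('utf8')); } catch { return false; }
  if (clientData.type !== 'webauthn.get') return false;
  if (clientData.challenge !== expectedChallenge.toString('base64url')) return false;
  if (clientData.origin !== ORIGIN) return false;
  if (authenticatorData.length < 37) return false;
  if (!authenticatorData.subarray(0, 32).equals(sha256(RP_ID))) return false;
  if ((authenticatorData[32] & 0x01) === 0) return false; // user-present flag must be set
  const signed = Buffer.concat([authenticatorData, sha256(clientDataJSON)]);
  return crypto.verify('sha256', signed, publicKey, signature);
}

// Constructed sample: one registered key pair and one server-issued challenge.
const { publicKey, privateKey } = crypto.generateKeyPairSync('ec', { namedCurve: 'prime256v1' });
const challenge = crypto.randomBytes(32);
const genuine = signAssertion(privateKey, challenge);
console.log(trustingBackend({ verified: true }));                          // true
console.log(verifyAssertion({ verified: true }, challenge, publicKey));    // false
console.log(verifyAssertion(genuine, challenge, publicKey));               // true
console.log(verifyAssertion(genuine, crypto.randomBytes(32), publicKey));  // false
```

A production check would also compare the signature counter and bind the challenge to the session that requested it.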