type1fool
WebAuthnLiveComponent - Passwordless Auth for LiveView Apps
WebAuthnLiveComponent WebAuthnComponents
See this post about renaming the package.
Passwordless authentication for Phoenix LiveView applications.
Description
I am happy to announce public availability of WebAuthnComponents, an implementation of passwordless authentication designed for LiveView applications.
As Passkey support is rolled out to operating systems, browsers, and credential managers, WebAuthnComponents will allow you to easily add passwordless authentication to greenfield and brownfield applications.
This package is released as part of my talk at ElixirConf 2022. As of September 1, 2022, it is in an early alpha stage, and I am looking for feedback from early adopters. See the readme for caveats and plans for v1.
Updates
Resources
Most Liked
Hermanverschooten
type1fool
Update
Version 0.6.0 has been released ![]()
This release extends the new wac.install Mix Task to generate all the code required to implement Passkeys in a new LiveView application. Also, the TokenComponent has been removed in favor of cookie-based session storage.
The readme and other documentation has been updated, and setup should now be a much more streamlined process. Using wac.install, you no longer need to generate the LiveView or other code to get up and running. See the wac.install docs for available options.
Thanks to @oullette @sax @mward-sudo and everyone who’s provided feedback on this project.
End User Demo
State of Passkeys
Passkey support has been picking up steam, and I’m looking forward to Windows adding support for credential management across devices. Recently, Passkey support graduated out of beta for 1Password, my preferred credential manager. MacOS and Android users can use their platform-specific credential managers as well.
Next Steps
My next planned improvement is to add Telemetry events to the components and remove all calls to Logger, with the goal of improving observability.
I would also like to document the process of implementing WebauthnComponents in existing applications, but this is a daunting task. Providing step-by-step migration from basic auth or 0auth seems feasible, though guides for migrating from phx.gen.auth, Pow, and various packages may put too much burden on maintenance. If you have thoughts or would like to contribute, feel free to ping me here or in an issue.
type1fool
Update
Version 0.7.0 has been released, with one new feature and a bug fix.
- Now, WebauthnComponents supports Passkey autofill, which streamlines the authentication process for existing users.
- Migrations are now generated in a deterministic order, fixing a bug where the
userscould be generated after its dependent migrations.
Passkey Autofill
With the introduction of autofill, users will be presented with a Passkey prompt automatically after the authentication component is mounted. Previously, users would need to click the “authenticate” button first, often thinking the email field was also required. With autofill, users have a more seamless authentication experience. ![]()
If a user has multiple accounts on an application, they will still be prompted to select the desired account.
Order of Migrations
Most of the templates and generators I created can be generated out of order, but migrations are an exception. Because migration files are generated with a timestamp and users must be created first, it’s important to create them in the correct order.
The migrations generator was using a plain Elixir map for its template files. Elixir maps are unordered, so the order of the keys in code are not necessarily the order they will be processed in Enum functions or for comprehensions. This is an oversight that catches me more often than I’d like to admit. ![]()
The solution was to convert the template map into a Keyword list, which maintains the order of its keys (fix commit). Now, we can be sure that the users table is created before the user_keys and user_tokens tables which depend on it. ![]()
Credits
Shout out to Daniel Pinheiro for introducing the autofill feature and to David Parry for reporting the migrations issue.
Popular in Announcing
Other popular topics
Categories:
Sub Categories:
Forums
Popular Tags
- #ecto
- #liveview
- #troubleshooting
- #learning-elixir
- #deployment
- #library
- #erlang
- #testing
- #genserver
- #mix
- #absinthe
- #remote-other
- #otp
- #plug
- #how-to-question
- #macros
- #postgres
- #channels
- #elixirconf
- #exunit
- #discussion
- #code-sync
- #javascript
- #podcasts
- #onsite
- #dialyzer
- #docker
- #authentication
- #umbrella
- #full-time-contract
- #podcasts-by-brainlid
- #ecto-query
- #elixir-ls
- #phoenix_html
- #iex
- #blog-post
- #graphql
- #genstage
- #ai
- #websockets
- #supervisor
- #advent-of-code
- #elixirconf-us
- #distillery
- #processes
- #forms
- #api
- #metaprogramming
- #security
- #performance









