Passkeys
AuthTuna provides a complete implementation of the WebAuthn standard, allowing you to offer passwordless authentication with passkeys. This is a more secure and user-friendly alternative to traditional passwords.
Configuration
To enable passkey authentication, you need to configure the following settings in your .env file:
WEBAUTHN_ENABLED=True
WEBAUTHN_RP_ID="yourdomain.com"
WEBAUTHN_RP_NAME="Your App Name"
WEBAUTHN_ORIGIN="https://yourdomain.com"
WEBAUTHN_ENABLED: Set this to True to enable passkey functionality.
WEBAUTHN_RP_ID: The relying party ID. This should be the domain of your website.
WEBAUTHN_RP_NAME: The name of your application. This will be displayed to the user during the passkey creation process.
WEBAUTHN_ORIGIN: The origin of your website. This should be the full URL of your website, including the protocol.
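A mismatch between WEBAUTHN_RP_ID and WEBAUTHN_ORIGIN is the usual reason passkey ceremonies fail after deployment. The check below is an added example, not part of AuthTuna: check_webauthn_config is a hypothetical helper that applies the WebAuthn rules for RP IDs and origins to the two values. It does not consult the public suffix list, so it will not catch an RP ID such as "com".

```python
from urllib.parse import urlsplit


def check_webauthn_config(rp_id: str, origin: str) -> list[str]:
    """Return the problems found in an RP ID / origin pair ([] if consistent)."""
    problems = []
    rp_id = rp_id.strip().lower()
    # The RP ID is a bare domain: no scheme, port, path or trailing dot.
    if not rp_id or rp_id.endswith(".") or any(c in rp_id for c in ":/@?#"):
        problems.append("WEBAUTHN_RP_ID must be a bare domain, e.g. yourdomain.com")

    parts = urlsplit(origin.strip())
    host = (parts.hostname or "").lower()
    # Browsers expose WebAuthn only in secure contexts; plain http is
    # accepted for local development on localhost.
    if parts.scheme != "https" and not (parts.scheme == "http" and host == "localhost"):
        problems.append("WEBAUTHN_ORIGIN must use https (http only for localhost)")
    # An origin is scheme://host[:port]. A trailing slash or path never
    # matches the origin string the browser reports in clientDataJSON.
    if parts.path or parts.query or parts.fragment or "@" in parts.netloc:
        problems.append("WEBAUTHN_ORIGIN must not contain a path, query or userinfo")
    # The origin host must equal the RP ID or be a subdomain of it. Compare on
    # a label boundary so notyourdomain.com does not pass for yourdomain.com.
    if host != rp_id and not host.endswith("." + rp_id):
        problems.append(f"origin host {host!r} is not within RP ID {rp_id!r}")
    return problems


if __name__ == "__main__":
    # Constructed sample pairs, not taken from any real deployment.
    samples = [
        ("yourdomain.com", "https://yourdomain.com"),
        ("yourdomain.com", "https://app.yourdomain.com:8443"),
        ("https://yourdomain.com", "https://yourdomain.com"),
        ("yourdomain.com", "https://yourdomain.com/"),
        ("yourdomain.com", "https://notyourdomain.com"),
    ]
    for rp_id, origin in samples:
        print(rp_id, origin, check_webauthn_config(rp_id, origin) or "ok")
```

Running it at startup against the values loaded from .env surfaces a bad pair before users hit a failed registration.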
Usage
Once you've configured the settings, you can use the built-in passkey routers to handle the registration and authentication of passkeys. These routers are located in authtuna/routers/passkeys.py and are included automatically when you call init_app(app).
Registration
To register a new passkey, you'll need to make a POST request to the /passkeys/register/begin endpoint. This will return a set of options that you can use to create the passkey on the client-side. Once the passkey has been created, you'll need to make a POST request to the /passkeys/register/complete endpoint with the client-side data to complete the registration.
Authentication
To authenticate with a passkey, you'll need to make a POST request to the /passkeys/login/begin endpoint. This will return a set of options that you can use to get the passkey assertion on the client-side. Once you have the assertion, you'll need to make a POST request to the /passkeys/login/complete endpoint with the client-side data to complete the authentication.