fido2support

adison

hello.
i would like you guys to add fido2support to the cloudron for things like security keys, passkeys, etc etc.
many members of my organization do not like using2FA TOTP.
so they would rather add fido.
please add that in.
thanks.
adison verlice

girish

This is in the pipeline. We , in fact, purchased some nitro keys to implement this a while back.

adison

o really? interestin. the open source nitrokey. thats amazing. aw, interestin. i was hoping you guys would add something like this, as it would not only allow for more secure access, but for people who use keys, in stead of needing a code, they can just put the key right in and boom. and if its a passkey, well, just enter your pin.

girish

yup, with more apps using oidc, can't imagine using 2fa codes

adison

yeah. most people in my organization don't wonna have to pop in some mumbo jumbo chumbo long token, then get this30second6diget long code, then login, they all have been complaining about wanting fido2support. either that, or oauth2access with a platform that they can use a passkey on like google.

adison

because its been a long wile, i would like to know how this is doing? has there been any plans to support the fido implementation yet?

adison

also, if you cant support it indirectly at least let us use an API, sutch as https://passwordless.dev to implemenet it like someware in the settings

nebulon

Sadly I didn't investigate further since last time. The implementation in Cloudron was harder than expected. But your link might have a simpler way to integrate this. But at least as I understood that, its actually a framework not an API.

adison

aw. but it says you need a key, witch i can get as its really easy.

micmc

@adison said in fido2support:

aw. but it says you need a key, witch i can get as its really easy.

adison

also, i'm curious, how is it hard to implement fido? vaultwarden was able to do it, no problem, i'm curious how cloudron cant

nebulon

as said I didn't look again into that so far. Last time I attempted, I only managed to get it to work on chrome, but not on firefox. The attempt was with the https://www.npmjs.com/package/fido2-lib module back then.

adison

huh weird. it should workd on almost all major browsers, firefox, chrome, etc etc

adison

i found another open source project that can help, built around passkeys.
https://github.com/teamhanko/hanko

simon

Hello,
I just wanted to emphasise that this topic is super important.
Now that all browsers and the big tech giants support the topic, more and more websites are offering passkey as a secure and very convenient authentication method. At the latest after Amazon offers passkey as a password replacement (https://www.theverge.com/2023/10/23/23928589/amazon-passkey-support-web-ios-shopping-mobile-app), the topic has finally arrived on the broad market.

I see two areas of interest for Cloudron here:

1. cloudron apps with keypass (as 2fa or also as 1fa)
2. app for developers such as Hanko.io=> https://forum.cloudron.io/topic/8375/hanko-io-fido2-webauthn-passwordless-login

adison

@simon uh huh.
thanks for supporting this topic.
this is hanko, by the way

adison

another alternative is passwordless.dev, i think

simon

@nebulon maybe because you use Linux? Unfortunately, the support there is still very poor, but it looks much better on other devices. https://www.passkeys.io/compatible-devices

adison

@simon yeah true

adisonverlice2

alright, i'm wondering what improvements have been made sense this topic rolled out.