Add fingerprint sign in #33

New Issue

shibao · 2023-03-16T17:40:56-04:00

shibao commented

2023-03-16 17:40:56 -04:00

may need to add an additional database table in order to store attestations for users

shibao added the

enhancement

label 2023-03-18 22:56:29 -04:00

shibao added this to the cannery project 2023-03-18 22:56:58 -04:00

aaron_nad commented

2023-04-10 16:41:50 -04:00

Is there a possible chance to support external authentication realms at some point down the line? This could be the implemention of SAML2 or Oauth etc.

I have Authetnik deployed at home which can use LDAP/SAML/OAUTH/OPENID/SCIM etc. There's also Authelia for authentication.

The likes of SAML can support JIT (Just in time) user creation so that the users are created on inital login. Not sure how easy to integrate into the existing user database this would be though, or what plugins/modules are available for elixir.

I had seen https://github.com/handnot2/samly for example, but it was last updated in 2019

There's https://github.com/ueberauth/oauth2 for oauth which appears to still be maintained - last updated Jan 2nd

If you wanted any help testing anything to do with the authentication im happy to spin up development builds and test deployments with authentication services where possible

Is there a possible chance to support external authentication realms at some point down the line? This could be the implemention of SAML2 or Oauth etc. I have Authetnik deployed at home which can use LDAP/SAML/OAUTH/OPENID/SCIM etc. There's also Authelia for authentication. The likes of SAML can support JIT (Just in time) user creation so that the users are created on inital login. Not sure how easy to integrate into the existing user database this would be though, or what plugins/modules are available for elixir. I had seen https://github.com/handnot2/samly for example, but it was last updated in 2019 There's https://github.com/ueberauth/oauth2 for oauth which appears to still be maintained - last updated Jan 2nd If you wanted any help testing anything to do with the authentication im happy to spin up development builds and test deployments with authentication services where possible

aaron_nad commented

2023-04-10 18:08:22 -04:00

I've since gone down the rabbit hole and found this as an example for an oAUTH / Open ID connector as well - https://github.com/pow-auth/assent - which looking at some elixir forums appears to be quite wildly used?

shibao commented

2023-04-10 18:21:21 -04:00

Since we're not using pow, we can't use pow assent, however I was planning on using https://github.com/tanguilp/wax to support login with a phone fingerprint scanner or a yubikey

👍 1

shibao commented

2024-10-26 22:05:00 -04:00

@aaron_nad do you still use a LDAP/SAML user thing at your house? i know a lot of enterprises would want this feature, but i feel like it'd be better (and a bit more practical) to prioritize this ticket or the WebAuthn credentials management api, also known as "that annoying window that pops up asking if you'd like to save this username and password into chrome". this ticket is mostly for a passwordless fingerprint scan replacing a password, so i'd like to make another ticket for LDAP/SAML/anything else if it still has demand

Sign in to join this conversation.