Dear all,
as indicated earlier, I’ve published the webauthn package on GitHub:
Recent changes include:
- Better separation from acs-subsite (using ADP includes / widgets)
- Message keys and internationalization support (most important languages)
- Updates to acs-subsite (CVS head) to conditionally include WebAuthn UI elements when the package is configured
I have not yet worked further on improving the identifier-first mode in the case where a user has not registered a passkey using the same browser.
Installation
The package can be installed directly from the OpenACS UI by using the new OpenACS feature to load packages directly from GitHub, recently announced here. The requirements are listed in README.md.
Testing via Docker
If you want to test passkeys in your own environment without upgrading OpenACS and NaviServer, the easiest way is via Docker. Below are the steps I’m using:
- Configure OpenACS via Docker using:
  - oacs-db-inclusive,
  - name the stack, e.g., oacs-webauth
- Provide the following environment variables (installing from CVS HEAD is required due to dependencies):
  - httpsport=8444
  - oacs_tag=HEAD
- Start the stack, connect to OpenACS, perform the initial configuration as usual, reboot, and log in.
- Go to https://localhost:8444/acs-admin/install/ and select the last option (“URL or non-standard location”).
- Load and install the following packages:
  - https://github.com/gustafn/webauthn
  - https://github.com/openacs/xooauth

Important: When you test webauthn registration or login, connect via https://localhost:8444 and not via an IP address. Otherwise, browsers will reject passkey operations due to an insecure context.
Feedback, testing reports, and suggestions are very welcome.
Best regards,
-g
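
A preflight check for the URL used when testing registration or login, as an added example that is not part of the original post or the webauthn package: it reports whether a test URL is a secure context and whether its host is an IP literal. The function name `passkeyUrlProblems` and the address 192.168.1.20 are assumptions made for the illustration.

```javascript
// Added example; passkeyUrlProblems is a hypothetical helper, not package code.
// Returns the reasons a browser would refuse passkey operations for a test URL.
function passkeyUrlProblems(urlString) {
  let url;
  try {
    url = new URL(urlString);
  } catch {
    return ["invalid-url"];
  }
  // The URL parser normalises the host: IPv4 comes back dotted-decimal,
  // IPv6 literals keep their square brackets.
  const host = url.hostname;
  const isIPv4 = /^\d{1,3}(\.\d{1,3}){3}$/.test(host);
  const isIPv6 = host.startsWith("[");
  const isLoopback =
    host === "localhost" || host.endsWith(".localhost") ||
    (isIPv4 && host.startsWith("127.")) || host === "[::1]";

  const problems = [];
  // Secure context: HTTPS, or plain HTTP only on a loopback host.
  const secure =
    url.protocol === "https:" || (url.protocol === "http:" && isLoopback);
  if (!secure) problems.push("insecure-context");
  // WebAuthn requires the relying party ID to be a domain name, so an
  // IP-literal host is rejected even when the page is served over HTTPS.
  if (isIPv4 || isIPv6) problems.push("ip-address-host");
  return problems;
}

// Constructed sample URLs; 192.168.1.20 stands in for the Docker host's address.
for (const u of ["https://localhost:8444", "https://192.168.1.20:8444",
                 "http://192.168.1.20:8444"]) {
  const p = passkeyUrlProblems(u);
  console.log(u, p.length ? "-> " + p.join(", ") : "-> ok");
}
```
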