doramatadora / passwordless-demo

Proof-of-concept implementation of passwordless authentication at the network's edge, using Passkeys, Fastly Compute and KV Store.


Passkeys (WebAuthn) on Fastly Compute

Passwordless authentication at the network's edge

This is a proof-of-concept implementation of passwordless authentication at the network's edge, using Passkeys and Fastly Compute.

It uses KV Store (a CRDT-based edge state system) to store state at the edge, including user credentials and short-lived challenges.

The passwordless-protected origin is a basic web chat app hosted on Glitch. Its realtime functionality is powered by Fastly Fanout, also at the edge.
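The short-lived challenges mentioned above are what prevent a captured WebAuthn response from being replayed. The following is an added example, not code from this repository: it runs under Node.js, uses an in-memory Map in place of KV Store, and the names issueChallenge, checkClientData and sampleClientData, the 60-second lifetime and the session ids are assumptions.

```javascript
// Added example: a Map stands in for KV Store (assumption, not Fastly's API).
// Web Crypto is a global on current Node; fall back to node:crypto on older versions.
const webcrypto = globalThis.crypto ?? require("node:crypto").webcrypto;
const CHALLENGE_TTL_MS = 60_000;                  // assumed challenge lifetime
const EXPECTED_ORIGIN = "http://localhost:7676";  // local dev origin from this README
const store = new Map();                          // sessionId -> { challenge, expires }

// Create a fresh random challenge and remember it for one ceremony.
function issueChallenge(sessionId, now = Date.now()) {
  const bytes = webcrypto.getRandomValues(new Uint8Array(32));
  const challenge = Buffer.from(bytes).toString("base64url");
  store.set(sessionId, { challenge, expires: now + CHALLENGE_TTL_MS });
  return challenge;
}

// Check the clientDataJSON fields a relying party verifies before it
// validates the authenticator signature (signature check not shown).
// clientDataJSON is taken here as an already UTF-8-decoded string;
// expectedType is "webauthn.create" (registration) or "webauthn.get" (login).
function checkClientData(sessionId, clientDataJSON, expectedType, now = Date.now()) {
  const entry = store.get(sessionId);
  store.delete(sessionId);              // single use: consumed on any attempt
  if (!entry) return "no-challenge";
  if (now > entry.expires) return "expired";
  let data;
  try { data = JSON.parse(clientDataJSON); } catch { return "malformed"; }
  if (data.type !== expectedType) return "wrong-type";
  if (data.challenge !== entry.challenge) return "challenge-mismatch";
  if (data.origin !== EXPECTED_ORIGIN) return "wrong-origin";
  return "ok";
}

// Constructed sample of the client data a browser returns for a login.
function sampleClientData(challenge, origin = EXPECTED_ORIGIN) {
  return JSON.stringify({ type: "webauthn.get", challenge, origin });
}
```

Deleting the stored challenge on every attempt, including failed ones, means a second submission of the same response returns "no-challenge".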

What are Passkeys?

Passkeys are a new type of login credential that allows you to log in to sites and services without having to enter a password – think biometric locks.

Passkeys are a compelling WebAuthn-based alternative to the ubiquitous password + 2nd-factor authentication. Unlike low-assurance 2nd factors such as SMS, they are resistant to push-phishing, unique to each website, and generated using cryptographically secure hardware.

Additionally, passkeys generated by the 3 main platform authenticator vendors (Apple, Google, and Microsoft) are automatically synced across a user's devices through their cloud account.

What is this?

Look at the far right side of this diagram: [diagram: FIDO2: WebAuthn + CTAP]

Imagine building a high scale, globally distributed FIDO2 authentication solution — without having to manage the underlying infrastructure. The code is executed at the network's edge, as close to your users as possible.

Try it yourself

If you haven't got a Fastly account, get one for free, and head on over to developer.fastly.com for instructions on getting started with Compute.

You'll need to install the Fastly CLI and JavaScript language tooling (Node.js / npm).

Run!

Check out this repo and install the dependencies:

    git clone https://github.com/doramatadora/passwordless-demo.git
    cd passwordless-demo
    cp .env.local .env
    npm install

Check out the companion application (real-time chat), set it up and run it by following the instructions in doramatadora/fanout-chat. Feel free to choose a different origin backend for local development; if you do so, you will need to update the following section in fastly.toml:

    [local_server.backends.origin]
      url = "http://localhost:7999/"

TIP 💡 You can replace the origin backend with another URL if you like.

Run fastly compute serve to spin up a local development server and see the demo in action, or fastly compute serve --watch if you want to hot-reload any changes to the code.

Open http://localhost:7676/ in your browser rather than http://127.0.0.1:7676, because 127.0.0.1 is not a valid WebAuthn Relying Party domain.

License: MIT License

Languages: JavaScript 74.5%, HTML 14.0%, CSS 10.8%, Batchfile 0.4%, Shell 0.3%