~sircmpwn/meta.sr.ht#62: 
Add U2F support for 2FA

Status
REPORTED
Submitter
~sircmpwn
Assigned to
No-one
Submitted
2 years ago
Updated
1 year, 4 months ago
Labels
No labels applied.

~anarcat 2 years ago

i'd love to see that as well. i was trying to setup 2FA and was confused by the result... U2F is pretty much standard at this point and i would much rather use it (and my Yubikey token) than TOTP...

~akavel 2 years ago

IIUC, u2f/WebAuthn probably requires some basic JS to work (at the moments the token needs to be accessed). Would that be OK for the site, given its no JS architecture?

~martijnbraam 2 years ago

the javascript is only needed for users that actually enable u2f for their account if you redirect to the u2f page after login, same thing for the setup page.

~martijnbraam 2 years ago

the javascript is only needed for users that actually enable u2f for their account if you redirect to the u2f page after login, same thing for the setup page.

~anarcat 2 years ago

I think it would be an acceptable tradeoff.

Javascript is not satan. As much as I dislike the thing, it has its purpose for such things... :)

~amyers 2 years ago

I would also like to be able to use my yubikey for sr.ht

~jdemille 1 year, 4 months ago

I'm willing to help work on this issue once I get familiar with the sr.ht codebase. There are Python libraries to make implementing WebAuthn easier. Perhaps the WebAuthn pages could have notices saying "JavaScript is needed on this page for WebAuthn functionality and nothing else" or something like that.

Register here or Log in to comment, or comment via email.