i'd love to see that as well. i was trying to setup 2FA and was confused by the result... U2F is pretty much standard at this point and i would much rather use it (and my Yubikey token) than TOTP...
IIUC, u2f/WebAuthn probably requires some basic JS to work (at the moments the token needs to be accessed). Would that be OK for the site, given its no JS architecture?
the javascript is only needed for users that actually enable u2f for their account if you redirect to the u2f page after login, same thing for the setup page.
the javascript is only needed for users that actually enable u2f for their account if you redirect to the u2f page after login, same thing for the setup page.
I think it would be an acceptable tradeoff.
Javascript is not satan. As much as I dislike the thing, it has its purpose for such things... :)
I would also like to be able to use my yubikey for sr.ht
I'm willing to help work on this issue once I get familiar with the sr.ht codebase. There are Python libraries to make implementing WebAuthn easier. Perhaps the WebAuthn pages could have notices saying "JavaScript is needed on this page for WebAuthn functionality and nothing else" or something like that.
Has there been any movement on this issue?
Any updates on this issue yet? Would also love to help out if I can.