Add Passkeys Guide #455
Add Passkeys Guide #455
Conversation
marius-se
requested review from
0xTim,
alexandersandberg,
daveverwer,
dempseyatgithub,
parispittman,
kaishin,
mschinis,
shahmishal,
TimTr,
tomerd and
cthielen
as code owners
server/guides/webauthn.md
Outdated
| dependencies: [ | ||
| // ... | ||
| .product(name: "WebAuthn", package: "webauthn-swift") | ||
| // ... |
There was a problem hiding this comment.
you mean the // ... or the entire Package.swift block?
server/guides/webauthn.md
Outdated
|
|
||
| extension Request { | ||
| var webAuthn: WebAuthnManager { | ||
| WebAuthnManager( |
There was a problem hiding this comment.
How expensive is this to create? i.e. should we do it on the Application and expose it via Request?
There was a problem hiding this comment.
Cheap, it's just a simple stateless struct with 3 properties. I extended Request only to reduce the boilerplate
server/guides/webauthn.md
Outdated
| ``` | ||
|
|
||
| Here we configure 3 things: | ||
| 1. The `relyingPartyID` identifies your app based solely on the domain (not the scheme, port, or path) it can be accessed on. All created Passkeys will be scoped to this identifier. That means a Passkey created at `example.org` can only be used on the same domain. This prevents other websites from talking to random Passkeys. However this also means if you want to change your domain at some point all users need to re-create their Passkeys! |
There was a problem hiding this comment.
Probably good to mention scoping to subdomains and how that affects things as well
server/guides/webauthn.md
Outdated
|
|
||
| #### Setting up the Relying Party | ||
|
|
||
| If you haven't already downloaded the [demo project](https://github.com/brokenhandsio/swift-webauthn-guide), you should do so now. There's a `starter` and `final` project. Open the starter project and add the Swift WebAuthn library to your `Package.swift`: |
There was a problem hiding this comment.
@tomerd any issues with this being linked here or would you prefer it to live in say the Swift Server Community org?
Co-authored-by: Tim Condon <[email protected]>
Co-authored-by: Tim Condon <[email protected]>
There was a problem hiding this comment.
Well done! Left some smaller comments.
It would also be great to add a link to this new guide on /server/guides/, as it can be difficult to find otherwise. We're working on improving the documentation page to highlight this /server/guides/ index page as well.
|
@alexandersandberg sorry I think I messed up GitHub's diff visualisation by renaming the Also added an entry on the guides index page! |
There was a problem hiding this comment.
No worries, the diff can still be seen here: https://github.com/apple/swift-org-website/pull/455/files/21008c76439c81a7f3160ec2c4ec00cefcdd5b2c..db8b043be4f41ff8dd75df1c8619fac710bc6dde# 🙂
Co-authored-by: Alexander Sandberg <[email protected]>
Co-authored-by: Alexander Sandberg <[email protected]>
|
@marius-se if you can fix the conflict we can get this merged |
Head branch was pushed to by a user without write access
This PR adds a guide about integrating Passkeys into a server-side Swift application
Setting up Passkeys is not trivial, but very rewarding. An in-depth tutorial on how to integrate Passkeys could increase the number of projects using this "new" (/old) technology and spread the word.
I haven't written any type of blog post before, so please let it rain criticism! I want to get better at (technical) writing :)
cc @0xTim