-
Notifications
You must be signed in to change notification settings - Fork 177
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Add Passkeys Guide #455
Add Passkeys Guide #455
Conversation
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Few comments - will let others chime in as well
server/guides/webauthn.md
Outdated
dependencies: [ | ||
// ... | ||
.product(name: "WebAuthn", package: "webauthn-swift") | ||
// ... |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I think we can remove this
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
you mean the // ...
or the entire Package.swift block?
server/guides/webauthn.md
Outdated
|
||
extension Request { | ||
var webAuthn: WebAuthnManager { | ||
WebAuthnManager( |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
How expensive is this to create? i.e. should we do it on the Application
and expose it via Request
?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Cheap, it's just a simple stateless struct with 3 properties. I extended Request only to reduce the boilerplate
server/guides/webauthn.md
Outdated
``` | ||
|
||
Here we configure 3 things: | ||
1. The `relyingPartyID` identifies your app based solely on the domain (not the scheme, port, or path) it can be accessed on. All created Passkeys will be scoped to this identifier. That means a Passkey created at `example.org` can only be used on the same domain. This prevents other websites from talking to random Passkeys. However this also means if you want to change your domain at some point all users need to re-create their Passkeys! |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Probably good to mention scoping to subdomains and how that affects things as well
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
yep
server/guides/webauthn.md
Outdated
|
||
#### Setting up the Relying Party | ||
|
||
If you haven't already downloaded the [demo project](https://github.com/brokenhandsio/swift-webauthn-guide), you should do so now. There's a `starter` and `final` project. Open the starter project and add the Swift WebAuthn library to your `Package.swift`: |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
@tomerd any issues with this being linked here or would you prefer it to live in say the Swift Server Community org?
Co-authored-by: Tim Condon <[email protected]>
Co-authored-by: Tim Condon <[email protected]>
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Well done! Left some smaller comments.
It would also be great to add a link to this new guide on /server/guides/
, as it can be difficult to find otherwise. We're working on improving the documentation page to highlight this /server/guides/
index page as well.
@alexandersandberg sorry I think I messed up GitHub's diff visualisation by renaming the Also added an entry on the guides index page! |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
No worries, the diff can still be seen here: https://github.com/apple/swift-org-website/pull/455/files/21008c76439c81a7f3160ec2c4ec00cefcdd5b2c..db8b043be4f41ff8dd75df1c8619fac710bc6dde# 🙂
Co-authored-by: Alexander Sandberg <[email protected]>
Co-authored-by: Alexander Sandberg <[email protected]>
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
LGTM
@marius-se if you can fix the conflict we can get this merged |
Head branch was pushed to by a user without write access
@swift-ci test |
This PR adds a guide about integrating Passkeys into a server-side Swift application
Setting up Passkeys is not trivial, but very rewarding. An in-depth tutorial on how to integrate Passkeys could increase the number of projects using this "new" (/old) technology and spread the word.
I haven't written any type of blog post before, so please let it rain criticism! I want to get better at (technical) writing :)
cc @0xTim