fix: add section on webauthn constraints #2072

Merged
merged 1 commit into from
Dec 17, 2021
33 changes: 18 additions & 15 deletions docs/docs/guides/2fa.mdx
Expand Up @@ -333,12 +333,6 @@ cryptography instead of a password. Common use cases for WebAuthn are
- using an Operating System "platform module" (e.g. TouchID, FaceID, Windows
Hello Face, Android Biometric Authentication, ...)

:::info

WebAuthN is a Browser standard. It does not work on native mobile apps!

:::

Configuring WebAuthn correctly is imperative, because the authentication will
fail if something is not configured correctly.

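Review bot: with the info admonition removed, the paragraph that remains ("Configuring WebAuthn correctly is imperative, because the authentication will fail if something is not configured correctly") is circular and no longer tells the reader what can be misconfigured. Since the native-app and single-origin limitations now live in a "WebAuthN Constraints" section further down the same page, add a one-line pointer to that section here, or name the setting (the origin) whose mismatch causes the failure.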
Expand All @@ -365,15 +359,6 @@ WebAuthn prompt:

![WebAuthn Prompt](../images/webauthn/1.png)

:::info

Please be aware that implementing WebAuthN in your own UI can be challenging,
depending on which framework to use. Please check our
[reference implementations](./custom-ui.mdx) to see how we solved it for
different app types (web, single page app).

:::

### Writing E2E Tests

You will need a browser to run E2E tests using WebAuthn. Take a look at our
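Review bot: the removed admonition sat directly under the screenshot of the WebAuthn prompt, which is where someone building their own UI looks first; after this change the pointer to the reference implementations appears only in the new constraints section below "Writing E2E Tests". Consider leaving a one-line link to [reference implementations](./custom-ui.mdx) next to the screenshot so it stays discoverable.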
Expand All @@ -382,6 +367,24 @@ for [Cypress](https://www.cypress.io). You can find more information about the
approach for Cypress in
[cypress#6991](https://github.com/cypress-io/cypress/issues/6991#issuecomment-612888645).

### WebAuthN Constraints

There are some limitations to WebAuthN to be considered in development:

- WebAuthN is a Browser standard. It does not work on native mobile apps.

- WebAuthN is limited to one domain and does not work in a local environment
when using CNAME / Ory Proxy.
WebAuthN uses an `https://origin` URL as part of the client<->server
challenge/response mechanism. This mechanism allows for only one URL as the
origin. Read more in the [WebAuthN guide](https://webauthn.guide/) and on
[GitHub](https://github.com/w3c/webauthn/issues/1372).

- Implementing WebAuthN in your own UI can be challenging, depending on which
framework to use. Please check our
[reference implementations](./custom-ui.mdx) to see how we solved it for
different app types (web, single page app).

## Build Your Own UI

The major benefit of Ory Kratos is that you can bring your own login,
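Review bot: the new section spells the name "WebAuthN" in its heading and in every bullet, while the rest of this file, including the unchanged context in this hunk ("run E2E tests using WebAuthn"), spells it "WebAuthn"; use one spelling. The second bullet also states the symptom ("does not work in a local environment when using CNAME / Ory Proxy") before the cause, and the cause is loose: the browser includes the page's `https://origin` in the challenge/response and the server rejects the response when that value is not the origin it expects, so "limited to one domain" reads as a property of the standard when what actually fails is the match between the page origin and the server-side expectation. Say which configuration option sets the expected origin so readers can fix the setup instead of only avoiding it. Minor: "depending on which framework to use" should read "depending on which framework you use".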
27 changes: 12 additions & 15 deletions docs/versioned_docs/version-v0.8/guides/2fa.mdx
Expand Up @@ -333,12 +333,6 @@ cryptography instead of a password. Common use cases for WebAuthn are
- using an Operating System "platform module" (e.g. TouchID, FaceID, Windows
Hello Face, Android Biometric Authentication, ...)

:::info

WebAuthN is a Browser standard. It does not work on native mobile apps!

:::

Configuring WebAuthn correctly is imperative, because the authentication will
fail if something is not configured correctly.

Expand All @@ -365,15 +359,6 @@ WebAuthn prompt:

![WebAuthn Prompt](../images/webauthn/1.png)

:::info

Please be aware that implementing WebAuthN in your own UI can be challenging,
depending on which framework to use. Please check our
[reference implementations](./custom-ui.mdx) to see how we solved it for
different app types (web, single page app).

:::

### Writing E2E Tests

You will need a browser to run E2E tests using WebAuthn. Take a look at our
Expand All @@ -382,6 +367,18 @@ for [Cypress](https://www.cypress.io). You can find more information about the
approach for Cypress in
[cypress#6991](https://github.com/cypress-io/cypress/issues/6991#issuecomment-612888645).

### WebAuthN Constraints

There are some limitations to WebAuthn to be considered in development:

- WebAuthN is a Browser standard. It does not work on native mobile apps.

- WebAuthN is limited to one domain and does not work in a local environment when using CNAME / Ory Proxy.
WebAuthN uses an `https://origin` URL as part of the client<->server challenge/response mechanism. This mechanism allows for only one URL as the origin. Read more in the [WebAuthN guide](https://webauthn.guide/) and on [GitHub](https://github.com/w3c/webauthn/issues/1372).

- Implementing WebAuthN in your own UI can be challenging, depending on which framework to use. Please check our [reference implementations](./custom-ui.mdx) to see how we solved it for
different app types (web, single page app).

## Build Your Own UI

The major benefit of Ory Kratos is that you can bring your own login,
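Review bot: this copy of the new section differs from the one added to docs/docs/guides/2fa.mdx in the same PR: the intro line says "WebAuthn" here but "WebAuthN" there, and the second and third bullets are single long lines here while they are wrapped at about 80 columns there. Both files should carry identical text so the versioned and current guides do not drift; copy one version into the other, pick one spelling of the name for both, and fix "depending on which framework to use" to "depending on which framework you use" in both.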