Any updates on this? Maybe someone already implemented it in a custom Meteor package?
Added an issue to the core: Accounts.registerLoginHandler is still undocumented · Issue #12189 · meteor/meteor · GitHub
Anyone move exclusively to using WebAuthn? Seems like this is the way to go for a new project.
I have WebAuthn working, but until passkeys that can be shared across platforms become more widely available/adopted, most implementations tie the authentication to a single device, which requires alternate authentication options (e.g. I replaced my laptop/phone and now I can’t log in). Have a look at my issue trying to support multiple MFA authentication methods in my Meteor app.
The WebAuthn API also has an awkward user workflow when trying to register ‘platform’ vs ‘cross-platform’ authentication methods on the same PC. e.g. I have “Windows Hello” and a YubiKey and it seems to always want to default to “platform” (Windows Hello) first and only presenting the YubiKey as an option if I cancel the Windows Hello dialog. In other words, the API appears to force a requirement to first ask the question “Do you want to register a ‘platform’ authenticator or a ‘cross-platform’ authenticator?” which of course needs to be explained what the differences are. I can’t seem to find a way to show all of the detected authenticators (platform & cross-platform) so that the user can choose one.
Here are my learnings since implementing passkeys in our apps:
- Users who use hardware keys (e.g. Yubikey) are used to using “Try another option” when presented with 2FA authentication.
- When saving the user’s credentials, save the credential “device type” used by the user. After the first successful login of the user, you can save a user’s reference in the browser and use that reference the next time he tries to log in again. Then use the saved credential device type when prompting for authentication so the correct authentication type will be displayed to the user.
All our internal tools, like the admin panel and CRM, are now only accessible through passkeys. I am hoping that next year, we will be ready to remove passwords from our user-facing apps (as of now, we are just prompting our users to save a passkey when the device supports it)
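A sketch of the "save the device type, then use it when prompting" tip from the post above, as an added example that is not code from the poster or from any Meteor package. The record fields, the `hint` object and all function names are hypothetical; the returned object follows the JSON shape of WebAuthn's `PublicKeyCredentialRequestOptions`, whose base64url fields the client decodes before calling `navigator.credentials.get()`.

```javascript
// Added example; every field and function name below is hypothetical.
// Constructed sample of what a server might keep per registered credential.
const storedCredentials = [
  { userId: 'u1', credentialId: 'Y3JlZC1oZWxsbw', attachment: 'platform',
    transports: ['internal'], lastUsedAt: 1700000000 },
  { userId: 'u1', credentialId: 'Y3JlZC15dWJp', attachment: 'cross-platform',
    transports: ['usb', 'nfc'], lastUsedAt: 1700500000 },
  { userId: 'u2', credentialId: 'Y3JlZC1vdGhlcg', attachment: 'platform',
    transports: ['internal'], lastUsedAt: 1700900000 },
];

// Fresh 32-byte challenge per request, base64url-encoded (Web Crypto global).
function newChallenge() {
  const bytes = globalThis.crypto.getRandomValues(new Uint8Array(32));
  return btoa(String.fromCharCode(...bytes))
    .replace(/\+/g, '-').replace(/\//g, '_').replace(/=+$/, '');
}

// Build the request options. `hint` is what the browser remembered after the
// last successful login; it is untrusted and only narrows which of that
// user's own credentials are offered. Signature verification still decides.
function buildRequestOptions(records, hint, rpId, challenge = newChallenge()) {
  const mine = records.filter((r) => r.userId === hint.userRef);
  const preferred = mine.filter((r) => r.attachment === hint.attachment);
  // Fall back to every registered credential if the hint matches nothing,
  // so a stale hint never locks the user out.
  const offered = (preferred.length > 0 ? preferred : mine)
    .sort((a, b) => b.lastUsedAt - a.lastUsedAt);
  return {
    challenge,
    rpId,
    userVerification: 'preferred',
    allowCredentials: offered.map((r) => ({
      type: 'public-key', id: r.credentialId, transports: r.transports,
    })),
  };
}

// After the assertion verifies, record the use and return the hint that the
// browser should store for the next login prompt.
function hintAfterLogin(records, credentialId, now) {
  const rec = records.find((r) => r.credentialId === credentialId);
  if (!rec) return null;
  rec.lastUsedAt = now;
  return { userRef: rec.userId, attachment: rec.attachment };
}
```

The `transports` values are what steer the browser toward the security-key prompt or the platform prompt, which is why they are stored at registration time alongside the credential ID.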
Yes, once the authenticator is registered, the workflow for the user to verify their authentication request works great. I can present all the ‘platform’ and ‘cross-platform’ authenticators they’ve registered for them to choose one (or simply automatically try using the last authenticator they used, or initially try the authenticator they set as the default). It’s the initial registration of the authenticators that is awkward and requires an additional step and explanation. It’d be fine in a corporate or closed environment (of techies), but ends up being confusing for much of the general public to understand.
In a similar way that Bitcoin/cryptocurrency is still somewhat difficult to adopt & use by the general public, I feel like it’s important to make the UX of moving away from single-factor (password) authentication as easy to use as possible if we want general adoption by the public.
Is anyone able to share some boilerplate code?
Check this: https://simplewebauthn.dev/
Which also requires knowledge of how to do custom login with Meteor: Accounts (multi-server) | Meteor API Docs
Yes, I saw those links. I’ve implemented a couple of OAuth providers, but doing it with the base package is new to me; this is why I asked for a snippet.
Edit: the simplewebauthn lib also requires Node 16+
I have it on my bucket list to do as an official Meteor package, or at least lobby for one.
@nachocodoner @grubba
I’m working on an example I wanted to turn into a Meteor guide. Got all the bits in place, just need to apply some styling and polish things.
I decided against a package as webauthn itself is not a standalone, or well very sufficient signup experience, authentication solution, more like an add-on login helper.
I’d like to have my team work on this. Checking here for feedback before we start work.
I’d run a poll. Voting for bluehive:accounts-webauthn
WebAuthn can be used to authenticate anything with biometrics, it is not only for accounts authentication. For example, write a message and authenticate the sending with biometrics. Yeah … it is really me who sends it.
It works differently for different platforms. On a desktop the user would probably create a password if the computer doesn’t have a biometric system installed. On Android you need something to store the local key. My Samsung phone uses the Google service to store the local key, but it is a bit confusing. In the image, that is not a field to write something in. On iOS the experience is less cumbersome.
@paulishca good point
@wreiske then we will need two packages:
- webauthn, and
- accounts-webauthn, based on webauthn
Or perhaps there’s an NPM WebAuthn package that we can use as a base?
I have a working webauthn example I wrote about 3 years ago that utilized GitHub - MasterKale/SimpleWebAuthn: WebAuthn, Simplified. A collection of TypeScript-first libraries for simpler WebAuthn integration. Supports modern browsers, Node, Deno, and more.
It includes two dependencies:
This code is from 2022 and could use some dusting off. There may not be a need for simplewebauthn if browsers have updated support recently / are more standard in how they handle passkeys and other auth.
I just tested it and was successful in setting it up, so it may still be promising.
Would be nice if we had a blog post about Meteor login using the WebAuthn API.







