This is a work in progress (but working) skeleton of a Deno/Opine application with passwordless login (Web Authentication API, WebAuthN, FIDO2).
Node version (Koa and @hexagon/webauthn) live at https://56k.guru/webauthn

Deno version (Deno, Opine and @hexagon/webauthn) live at https://56k.guru/webauthn-deno
- Tested with Windows Hello, Yubikey or Android lockscreen, more to come.
- Supports adding more than one authentication method to the same account.
- Supports transferring an account to another device by a time-limited, one-time link or QR code.
Using Deno, Opine and fido2-lib
There are multiple versions of this demo available in different branches:

Runtime | Server framework | Branch | Webauthn-lib | Live at |
---|---|---|---|---|
Node | Koa | main | fido2-lib | 56k.guru/webauthn |
Node | Express | server/express | fido2-lib | - |
Deno | Opine | server/deno | fido2-lib | 56k.guru/webauthn-deno |
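First clone this repo, then:

1. Generate a self-signed certificate and key (WebAuthn requires HTTPS), and import the cert on your computer.

I repeat: you need to generate the key and certificate, and serve over HTTPS, for WebAuthn to work.

```
cd keys
# Self-signed certificate and 4096-bit RSA key for CN=localhost in one command
openssl req -x509 -newkey rsa:4096 -keyout key.pem -out cert.pem -sha256 -days 365 -subj '/CN=localhost'
# Key, signing request and self-signed certificate as separate steps
# (these write key.pem and cert.pem again, replacing the files created above)
openssl genrsa -out key.pem
openssl req -new -key key.pem -out csr.pem
openssl x509 -req -days 9999 -in csr.pem -signkey key.pem -out cert.pem
# The signing request is no longer needed once the certificate exists
rm csr.pem
cd ..
```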
Using deno tasks (>=1.21.0)

```
deno task start
```

Or manually

```
deno run --allow-read --allow-net --allow-env --allow-write --lock=lock.json ./app.ts
```

https://localhost:3000
```
docker build . --tag="hexagon/webauthn-skeleton-deno"

# If the app is served from a sub-URL, set WAS_BASE_URL like this instead:
#   -e WAS_BASE_URL="https://localhost:3000/orlikethisifservedfromasuburl"
sudo docker run \
  -d \
  --restart=always \
  -e WAS_ORIGIN="https://localhost:3000" \
  -e WAS_RPID="localhost" \
  -e WAS_BASE_URL="https://localhost:3000/" \
  -e WAS_RPNAME="WebAuthN Demo" \
  -e WAS_MODE="development" \
  -e WAS_PORT=3000 \
  --name webauthndemo-deno \
  hexagon/webauthn-skeleton-deno
```
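
WebAuthn ceremonies are rejected when the RP ID does not match the origin the browser reports, so the `WAS_ORIGIN`, `WAS_RPID` and `WAS_BASE_URL` values have to agree with each other. The check below is an added example, not part of this repository; `WasConfig`, `parseUrl` and `checkWasConfig` are names made up for it, and it assumes `WAS_BASE_URL` is the app's public URL.

```typescript
// Added example (not the skeleton's code): check WAS_* values for consistency.
interface WasConfig {
  WAS_ORIGIN: string;
  WAS_RPID: string;
  WAS_BASE_URL: string;
}

function parseUrl(value: string): URL | null {
  try {
    return new URL(value);
  } catch {
    return null;
  }
}

// Returns a list of problems; an empty list means the values agree.
function checkWasConfig(cfg: WasConfig): string[] {
  const origin = parseUrl(cfg.WAS_ORIGIN);
  const base = parseUrl(cfg.WAS_BASE_URL);
  if (!origin || !base) {
    return ["WAS_ORIGIN and WAS_BASE_URL must be absolute URLs"];
  }
  const problems: string[] = [];
  const host = origin.hostname.toLowerCase();
  const rpId = cfg.WAS_RPID.toLowerCase();

  // WebAuthn needs a secure context: https, or plain http only on localhost.
  if (origin.protocol !== "https:" && host !== "localhost") {
    problems.push("WAS_ORIGIN must use https");
  }
  // The browser reports the origin as scheme://host[:port], without a path.
  if (cfg.WAS_ORIGIN !== origin.origin) {
    problems.push(`WAS_ORIGIN should be written as ${origin.origin}`);
  }
  // The RP ID is a bare domain: the origin's host or a parent domain of it.
  // (Browsers also reject public suffixes such as "com"; not checked here.)
  if (/[:\/]/.test(rpId)) {
    problems.push("WAS_RPID must be a domain without scheme, port or path");
  } else if (host !== rpId && !host.endsWith("." + rpId)) {
    problems.push(`WAS_RPID ${rpId} does not cover host ${host}`);
  }
  // Assumption: WAS_BASE_URL is the app's public URL, so it shares the origin.
  if (base.origin !== origin.origin) {
    problems.push("WAS_BASE_URL is not under WAS_ORIGIN");
  }
  return problems;
}
```

Both `WAS_BASE_URL` variants from the `docker run` command above pass this check against `WAS_ORIGIN="https://localhost:3000"` and `WAS_RPID="localhost"`.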