# talk-kratos
r
Hey folks, we are evaluating how much work it would be to enable passkey support in API clients (mobile, basically) and started drafting a design doc for that (as this is basically WebAuthn, which is already supported and works in a mobile app if you hack your requests enough). In the meantime, we found this branch, which is deeply connected with what we've planned. We don't want to redo the work that you've already done (nor do we want to do anything against it), but we need passkey support on mobile quite badly and are very eager to help. Do you have a timeline for this feature, or can we help you somehow?
Sorry to disturb you, @narrow-van-43826, but I see you are the main committer on that branch. Is there a possibility of you sharing a rough timeline on this (this quarter/next one/later will be enough)?
n
Hi, yes, I am actively working on it. My current focus is getting it to work nicely with discoverable credentials for browser flows, but if you have ideas or are willing to contribute native support, please share your ideas!
It'll be done either this or next quarter. Estimate is a little rough because of Christmas vacation 😉
r
Thank you very much for the response! From what we understand, if the discoverable credentials are handled better, then it basically means that passkeys on native are fully supported because that is exactly the same protocol - Kratos just needs to expose them in the native flows. Frankly, if we lie a little bit and pass a username to the existing WebAuthn implementation in Kratos, then we are able to register/sign a user in in a mobile app with the browser flow, so this is basically a matter of exposing the flow for native clients. 🙂 So if you aim for a conformant WebAuthn with discoverable credentials implementation for browsers, then we get the native implementation for "free". There are open questions on how we should pass the data to native clients because the APIs of each platform are slightly different (Google wants JSON, Apple/MS want a parsed object of `PublicKeyCredentialCreationOptions`/`PublicKeyCredentialRequestOptions`), but that is basically it. That said, we are willing to contribute the native part (i.e. exposing the WebAuthn flow to native clients), but I don't think we (well, @square-machine-71017, as he's responsible for the contributions to Kratos on our side) will be able to help you with the general architecture as we don't know Kratos internals well enough. And it would be better to do the native part after the web one is (roughly) finished. Nevertheless, if you need some testing (i.e. using the browser implementation on mobile just to validate the ideas), then shoot us - we already have a test app for Android (iOS is in the works) ready and are actively running `master` Kratos on our envs. :)