Webauthn CLI login could be much easier #4717

Open
indirect opened this issue May 16, 2024 · 0 comments

1. Webauthn tokens include user identity, so we could allow `gem signin` to jump straight to the browser-based webauthn flow:

   ```
   $ gem signin
   Signing in to RubyGems.org. Don't have an account yet? Create one at https://rubygems.org/sign_up
   Username/email:  [press enter to provide a passkey in your web browser]
   ```

2. Other CLIs that provide web-based login allow you to skip copying and pasting the URL (or clicking on it, if your terminal supports that). For example, Stripe prints the URL but then lets you push enter to open that page in your browser:

   ```
   Your pairing code is: a-b-c-d
   This pairing code verifies your authentication with Stripe.
   Press Enter to open the browser or visit https://dashboard.stripe.com/stripecli/confirm_auth?t=abcd (^C to quit)
   ⣷Waiting for confirmation...
   ```

3. The Webauthn path is completely separate from the OTP code path, but a good user experience would let you open the browser URL, try webauthn, realize you don't have your passkey, and then provide an OTP code instead (if you have one) to finish auth. We should provide a good web experience rather than a message that says the user should hit control-C and try again with the `--otp` flag provided up front.

4. The CLI should abort after however long the URL is good for. Today, it waits well after visiting the URL will show the message "The token in the link you used has either expired or been used already."

Here's what combining 2, 3, and 4 might look like:

```
$ gem signin
Signing in to RubyGems.org. Don't have an account yet? Create one at https://rubygems.org/sign_up
Username/email:  [email protected]
Password: xxxx

API Key name [machine.name-user-20240515190158]:
The default access scope is:
  index_rubygems: y

Do you want to customise scopes? [yN]

You have enabled multi-factor authentication. Press enter or browse to https://rubygems.org/auth_verification/QDccftuVuy?port=56418 so you can authenticate.
Waiting for up to one minute...
```
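Added example, not part of the issue and not RubyGems' own code: one way a CLI could bound its wait to the lifetime of the verification link, as item 4 proposes. It assumes the CLI listens on a loopback port (suggested by the `port=` parameter in the sample URL) and a 60-second lifetime taken from the sample output; `wait_for_callback`, `monotonic_now` and `TOKEN_TTL_SECONDS` are hypothetical names.

```ruby
require "socket"

# Assumed link lifetime, taken from "Waiting for up to one minute..." above.
TOKEN_TTL_SECONDS = 60

# Monotonic clock, so wall-clock adjustments cannot stretch the wait.
def monotonic_now
  Process.clock_gettime(Process::CLOCK_MONOTONIC)
end

# Wait for the browser to call back on the local listener, but never longer
# than the verification link stays valid. Returns the first request line of
# the callback, or nil once the deadline has passed.
def wait_for_callback(server, ttl: TOKEN_TTL_SECONDS)
  deadline = monotonic_now + ttl
  while (remaining = deadline - monotonic_now) > 0
    # Sleep until a connection arrives or the link expires.
    next unless IO.select([server], nil, nil, remaining)
    client = server.accept_nonblock(exception: false)
    next if client == :wait_readable
    begin
      # A connection that sends nothing must not hold the CLI past the deadline.
      remaining = [deadline - monotonic_now, 0].max
      next unless IO.select([client], nil, nil, remaining)
      data = client.read_nonblock(1024, exception: false)
      return data.lines.first.to_s.strip if data.is_a?(String)
    ensure
      client.close
    end
  end
  nil # link expired: close the listener and tell the user to start over
end

# Bind to loopback only, on an ephemeral port, so the listener is not
# reachable from other hosts while the CLI waits.
def open_callback_listener
  TCPServer.new("127.0.0.1", 0)
end
```

A `nil` return is the point at which the CLI would close the listener and exit, instead of waiting on a link the server will already reject.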