Skip to content

Add passkey authentication as alternative to magic links #2027

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Open
dpshade wants to merge 1 commit into
base: main
Choose a base branch
from
Open

Add passkey authentication as alternative to magic links #2027

dpshade wants to merge 1 commit into from
+1,055 −33

Conversation

@dpshade
Copy link

@dpshade dpshade commented Dec 9, 2025
edited
Loading

Summary

Implements WebAuthn passkey support for passwordless authentication, addressing the request in Discussion #1919 where maintainers indicated preference for passkeys over traditional passwords.

Features

  • Sign in with passkey from the login page (discoverable credentials)
  • Sign up with passkey or fall back to email verification
  • Manage passkeys from Settings menu (add/remove)
  • Choice screen for users with passkeys (passkey or email)

Technical Details

  • Uses webauthn gem (~> 3.0) for WebAuthn/FIDO2 protocol
  • Passkeys stored with Identity (not account-scoped)
  • Supports discoverable credentials (resident keys)
  • Per-request relying party configuration for multi-domain support

Screenshots

image image

Testing

  • Unit tests for Passkey model
  • Controller tests for all new endpoints
  • Fixtures for passkey data
  • Tested locally with Proton Pass

Acknowledgments

This implementation was largely developed with assistance from Claude Code (Opus 4.5 from Anthropic).

Refs: #1919 (comment)

@dpshade
Add passkey authentication as alternative to magic links
0634553 
Implements WebAuthn passkey support for passwordless authentication,
addressing the request in Discussion basecamp#1919 where maintainers indicated
preference for passkeys over traditional passwords.

Features:
- Sign in with passkey from the login page
- Sign up with passkey (or fall back to email verification)
- Manage passkeys from Settings menu (add/remove)
- Users with passkeys see a choice screen (passkey or email)

Technical details:
- Uses webauthn gem (~> 3.0) for WebAuthn/FIDO2 protocol
- Passkeys stored with identity (not account-scoped)
- Supports discoverable credentials (resident keys)
- Per-request relying party configuration for multi-domain support
@dpshade dpshade marked this pull request as ready for review December 9, 2025 06:44
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

1 participant

@dpshade