-
Notifications
You must be signed in to change notification settings - Fork 9
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Turn on WebAuthn in wp-admin #114
Comments
We'll need to decide which back-end provider to use. These are the options that I see:
Regardless of the approach, we'll want to get a security review. I added a checklist to the issue description so we don't forget. |
I'm inclined to go with the first option with the necessary updates as it benefits the community and brings the two factor plugin more up to date in regards to feature support making it more likely to be used and therefore more likely to be maintained. |
Integrating #134 and #146 is turning out to be more time consuming that I hoped, so I'm going to look into running WebAuthn Provider for Two Factor without any customizations -- or minimal customizations -- instead. If that works well, we could look into if it'd make sense to propose merging it upstream instead of being an add-on. One issue might be eventually needing to migrate keys from the plugin to upstream, but given the time constraints we'll probably just need to deal with that if it happens. |
For the MVP, let's turn on WebAuthn in the upstream plugin and verify that it works. If it does, I think we can launch with support for privileged users and iterate, adding support for all users.
Port MadWizard to upstream PRUpdate WebAuthn: Link to wp-admin until custom UI is built. #141 to show if enabled/disabled state programmatically.Enable the link to wp-admin from WebAuthn: Link to wp-admin until custom UI is built. #141The text was updated successfully, but these errors were encountered: