[GH-ISSUE #298] Migrate/support new WebAuthn protocol instead of U2F #255

Closed
opened 2026-03-01 17:46:04 +03:00 by kerem · 2 comments

Originally created by @rugk on GitHub (Jun 9, 2022).
Original GitHub issue: https://github.com/anonaddy/anonaddy/issues/298

AFAIK U2F is kind of deprecated nowadays and WebAuthn should be used instead. It has some more features like passwordless authentication and [some other integrations for other attestation stuff not only from hardware keys](https://developer.mozilla.org/en-US/docs/Web/API/Web_Authentication_API/Attestation_and_Assertion), but AFAIK it's a different API and thus you may need to adjust something.

These resources here may provide more information:

  • https://webauthn.guide/ (more user oriented)
  • https://webauthn.io/ (more technical)
  • https://developer.mozilla.org/en-US/docs/Web/API/Web_Authentication_API
  • There are not many sites explaining the differences I could find [and here is one of them](https://blog.strongkey.com/blog/guide-to-fido-protocols-u2f-uaf-webauthn-fido2), but it may not be the best, actually.

See/Compare it with Nextcloud, who deprecated their whole implementation of U2F in https://github.com/nextcloud/twofactor_u2f and switched to https://github.com/nextcloud/twofactor_webauthn. Interestingly, how they implemented it is that you can optionally also use your hardware key for passwordless authentication, but you explicitly need to register it for that.
For such a thing, IMHO, I would also be fine with Anonaddy.

What may be done

  • Change the code so it uses WebAuthn (and U2F only as a fallback, for hardware keys, which don't support it yet? Or maybe that is somehow automatically done?)
  • Change all references in the UI to include less-technical terms (hardware key) or only as an addition include WebAuthn/U2F. Prefer "WebAuthn" if possible, as that is the latest stuff and also sounds better… 🙃
kerem closed this issue 2026-03-01 17:46:04 +03:00

@willbrowningme commented on GitHub (Jun 16, 2022):

Currently in the process of upgrading to v3 of https://github.com/asbiin/laravel-webauthn so I will close this once that is complete.

I'll update the references to U2F too, thanks.


@willbrowningme commented on GitHub (Jul 14, 2022):

Latest release now pushed to the server with Laravel WebAuthn v3 so this can be closed.
