All Topics
All Topics
Technology
Technology
Design
Design
Programming
Programming
Science
Science
News
News
Gaming
Gaming
Entertainment
Entertainment
Business
Business
Finance
Finance
Sports
Sports
Health
Health
Food
Food
Travel
Travel
Art
Art
Music
Music
Books
Books
Education
Education
Politics
Politics
Personal
Personal
No algorithm. No AI slop. No ads. Just RSS. Pro-human. Indie writers. Real journalism. Open web. Chronological. Hand toasted.

Technical Insights from Building Passkeybot: Lessons on Passkey Implementation and WebAuthn

By

emadda

5mo ago· 10 min readen
Bagel score 100 of 100
100/100
Golden Brown
Bagelometer

Pure flour-power. Hearty enough to carry you through lunch.

Score100Typehow-toSentimentpositive

Summary

The article shares insights from building passkeybot.com, a hosted sign-in page that enables passkey authentication for websites. It explains technical aspects of passkeys including Secure Enclave Processors (SEP) in Apple devices, how they create secrets that never leave the secure enclave, and the WebAuthn standard. The author discusses practical implementation lessons, security considerations, and the advantages of passkeys over traditional passwords for user authentication.

Key quotes

· 4 pulled
Apple devices have secure enclaves which are like a separate tiny computer living inside the main CPU that has its own isolated encrypted memory and OS.
It can create secrets that never leave the secure enclave. The main OS can only prove it has possession of that secret by asking the secure enclave.
I recently released passkeybot.com, a hosted sign in page that allows you to add passkey auth to your site with just a few server side HTTP handlers.
Here are the things I learnt in the process.
Snippet from the RSS feed
Interesting things about passkeys in webauthn

You might also wanna read

Client ID Metadata Documents (CIMD): OAuth Client Identification Using URLs

Client ID Metadata Documents (CIMD) is a new OAuth approach that allows clients to identify themselves using URLs instead of requiring pre-r

client.dev·6mo ago

WebSparks: An AI-Powered Tool for Building Web Applications Without Extensive Coding

WebSparks is an AI-powered software engineer that transforms ideas into fully functional web applications without requiring extensive coding

innovirtuoso.com·18h ago

Joost de Valk publishes open Website Specification: 128 rules for modern, future-proof websites

Joost de Valk, creator of Yoast SEO, published the Website Specification (specification.website) — an open, platform-agnostic reference docu

ppc.land·23h ago

ZX Spectrum BASIC interpreter rebuilt from scratch to run natively in web browsers

A developer has rebuilt the ZX Spectrum's BASIC interpreter from scratch to run in a web browser, without emulating the original Z80 hardwar

boingboing.net·1d ago

How to Set Up an Apache Reverse Proxy for an Ecommerce Website

This article provides a comprehensive, start-to-finish guide on setting up an Apache reverse proxy specifically for ecommerce websites. It c

blog.radwebhosting.com·2d ago

Implementing live text search in React with Firestore Enterprise's built-in search pipeline

Firebase's Firestore Enterprise edition now includes built-in text search support. This article demonstrates how to implement live text sear

firebase.blog·2d ago