Adds WebAuthn/Passkey authentication to your user resource

Creates a credential resource and adds the WebAuthn strategy to the user resource. Users can sign in with hardware security keys (YubiKey), platform authenticators (Touch ID, Windows Hello), or passkeys.

rp_id, rp_name, and origin are wired through your generated Secrets module and read from the application environment, so you can configure them per-environment via config/dev.exs, config/test.exs, and config/runtime.exs (which is seeded with System.get_env/1 reads of WEBAUTHN_RP_ID, WEBAUTHN_RP_NAME, and WEBAUTHN_ORIGIN).

Example

mix ash_authentication.add_strategy.webauthn

Options

• --user, -u - The user resource. Defaults to YourApp.Accounts.User.
• --identity-field, -i - The field on the user resource that identifies the user (typically email). Defaults to email.
• --name, -n - The strategy name. Defaults to webauthn.
• --mode, -m - Either primary or 2fa. Defaults to primary.
  • primary (default) — passkeys are the primary credential. The strategy enables registration, sign-in, and verify.
  • 2fa — passkeys act only as a second factor on top of another primary credential (e.g. password). Disables registration and sign-in; keeps verify enabled.