Webauthn passwordless UX
68 views
Skip to first unread message
Réda Housni Alaoui
Jun 24, 2023, 1:22:07 PM6/24/23
to Keycloak Dev
Hello everyone,
I opened https://github.com/keycloak/keycloak/issues/21140 to simplify access to webauthn passwordless authentication.
We have a realm where username/password + webauthn loginless authenticators are enabled. Most of our users don’t know what is Webauthn. To convert them to webauthn, we need to show them that Webauthn authentication is easier than the alternatives.
Currently a user wanting to authenticate via webauthn passwordless have to click around 4 times. Most of them won’t click on « try another way » and therefore won’t even discover this option.
I think webauthn passwordless as well as any authentication method requiring only to click on a single button should be displayed the same way as social authenticators. This would allow to authenticate via webauthn loginless in a single click.
I tried to implement that in a Pull Request, but it looks like authenticators are currently designed in a way giving a single authenticator exclusive control on page rendering. I.e. I cannot mix username+password form with the webauthn form in a single page without a huge refactoring.
Therefore, a less ambitious alternative would be to allow certains authenticators to provide a shortcut action that would be displayed above social provider buttons. That would allow to authenticate via webauthn loginless in 2 clicks.
I’d love to have some feedbacks about the general goal I am aiming for and about the best way to do it.
I would prefer to implement the first option to achieve the best UX. But I guess that would mean making authenticators provide template slices instead of full ones?
I opened https://github.com/keycloak/keycloak/issues/21140 to simplify access to webauthn passwordless authentication.
We have a realm where username/password + webauthn loginless authenticators are enabled. Most of our users don’t know what is Webauthn. To convert them to webauthn, we need to show them that Webauthn authentication is easier than the alternatives.
Currently a user wanting to authenticate via webauthn passwordless have to click around 4 times. Most of them won’t click on « try another way » and therefore won’t even discover this option.
I think webauthn passwordless as well as any authentication method requiring only to click on a single button should be displayed the same way as social authenticators. This would allow to authenticate via webauthn loginless in a single click.
I tried to implement that in a Pull Request, but it looks like authenticators are currently designed in a way giving a single authenticator exclusive control on page rendering. I.e. I cannot mix username+password form with the webauthn form in a single page without a huge refactoring.
Therefore, a less ambitious alternative would be to allow certains authenticators to provide a shortcut action that would be displayed above social provider buttons. That would allow to authenticate via webauthn loginless in 2 clicks.
I’d love to have some feedbacks about the general goal I am aiming for and about the best way to do it.
I would prefer to implement the first option to achieve the best UX. But I guess that would mean making authenticators provide template slices instead of full ones?
Reply all
Reply to author
Forward
0 new messages