npm package discovery and stats viewer.

Discover Tips

  • General search

    [free text search, go nuts!]

  • Package details

    pkg:[package-name]

  • User packages

    @[username]

Sponsor

Optimize Toolset

I’ve always been into building performant and accessible sites, but lately I’ve been taking it extremely seriously. So much so that I’ve been building a tool to help me optimize and monitor the sites that I build to make sure that I’m making an attempt to offer the best experience to those who visit them. If you’re into performant, accessible and SEO friendly sites, you might like it too! You can check it out at Optimize Toolset.

About

Hi, 👋, I’m Ryan Hefner  and I built this site for me, and you! The goal of this site was to provide an easy way for me to check the stats on my npm packages, both for prioritizing issues and updates, and to give me a little kick in the pants to keep up on stuff.

As I was building it, I realized that I was actually using the tool to build the tool, and figured I might as well put this out there and hopefully others will find it to be a fast and useful way to search and browse npm packages as I have.

If you’re interested in other things I’m working on, follow me on Twitter or check out the open source projects I’ve been publishing on GitHub.

I am also working on a Twitter bot for this site to tweet the most popular, newest, random packages from npm. Please follow that account now and it will start sending out packages soon–ish.

Open Software & Tools

This site wouldn’t be possible without the immense generosity and tireless efforts from the people who make contributions to the world and share their work via open source initiatives. Thank you 🙏

© 2024 – Pkg Stats / Ryan Hefner

passkey-manager

v2.0.5

Published

Passkeys - Made Easier

Downloads

10

Readme

Passkey Manager

Passkey Manager is a JavaScript module designed to manage WebAuthn registration and authentication processes. It aims to de-mystify and simplify the whole 'PassKey' process, and get you up and running in under 15 - 30 minutes.

WebAuthn (Passkeys) is a web standard introduced by the World Wide Web Consortium (W3C) to revolutionize the way users authenticate online. By eliminating the need for passwords, Passkeys offer a more secure, phishing-resistant, and user-friendly authentication method, relying on biometrics, hardware tokens, or mobile devices. Integrating Passkeys can significantly enhance user security and provide a seamless login experience, making it a crucial step forward in modern web development.


Table of Contents


Installation

To install Passkey Manager, run the following command in your project directory:

npm install passkey-manager

Key Concepts

Passkeys are a more secure alternative to using passwords, SMS Text Message Verification, or Email Link Verification to identify users because they're

  • Locked in user's device
  • Can't Be Stolen or Forged
  • Typically Require Biometrics to Use

Below is a HIGH level overview of how you can easily integrate them into your site:

Registration

  1. Once the user has logged in, they'll create a new passkey on their side and give you the passkey's ID and a payload - which verifies the passkey they created.

  2. Next, you send the payload to our API to be decrypted and verified.

  3. Once verified, you need to associate the passkey's ID with that user in your database.

That's it! In the future, anyone who can verify ownership of that passkey ID must be THAT user! Simple, right?

Authentication

This is flexible enough to work however you want to do it; but here's what works for us:

  1. Someone sends you a passkey id of ${x}, and a verification payload.

  2. Send the payload to our API to be verified.

  3. If its verified, look up the user in your database by their passkey-id.

Now that you've authenticated the user, set a session cookie or something.


Browser Library

Importing and Initializing Passkey Manager

To use Passkey Manager in your project, import and instantiate it as follows:

import { PasskeyManager } from 'passkey-manager';

const keyManager = new PasskeyManager();
await keyManager.load();

Checking Registration Status

To check if a user has already registered a Passkey with your site, use the following method:

const status = await keyManager.manager.RegistrationStatus();
console.log('Registration Status:', status);

Creating a Passkey

You can create a new Passkey by triggering the register method, and sending the response to your API. (Replace yourApi.post with your API endpoint.)

try {
  const registration = await keyManager.manager.register('userId', 'userName', 'userDisplayName', 'rpName');
  const registrationVerification = await yourApi.post('/api/verify/registration', registration);
} catch (error) {
  console.error('Error Registering User:', error);
}

Authenticating a Passkey

You can have the user verify their Passkey by using the authenticate method and sending the response to your API.

try {
  const authenticationData = await keyManager.manager.authenticate();
  const userData = await yourApi.post('/api/verify/authentication', authenticationData);
} catch (error) {
  console.error('Authentication Error:', error);
}

Auto-fill Operation

Enhance the user experience by auto-filling passkeys when a user clicks into an input field. Ensure the input field has the attribute autocomplete="webauthn":

const success = await keyManager.manager.autoFill();
console.log('Auto-fill Success:', success);

Client Library Documentation

PasskeyManager

Methods

  • load(): Promise
    • Returns a promise that resolves when the manager is loaded.

manager

Methods

  • register(userId: string, userName: string, userDisplayName: string, rpName: string): Promise<{ id: string; payload: string }>

    • Creates a Passkey for your site on the user's device
    • Returns a promise with the passkey ID and the Base64 encoded encrypted results.
  • authenticate(autoFill?: boolean): Promise<{ id: string; payload: string }>

    • Initiates Passkey authentication.
    • Returns a promise with the passkey ID and the Base64 encoded encrypted results.
  • autoFill(): Promise

    • Performs an auto-fill operation based on WebAuthn.
    • Returns a promise indicating the success of the operation.
  • RegistrationStatus(): Promise

    • Checks the user's registration status with the IndexedDB.
    • Returns a promise indicating the registration status.

Server Documentation

First, register your site with Keyri.

Next, under "Setup And Credentials", get your Application Key.

Temporary Key

To drop latency, - you need to get a temporary-key that's good for 24 hours, which you can get like this:

curl -X GET https://api-keys.keyri.com -H "x-api-key: qr...P1U"

which returns the following:

{
    "ttl": 1697723187193,
    "key": "eyJ...SJ9"
}

This will be used in future API Calls such as register and authenticate

Register

When verifying a user's registration request, forward whatever they sent you to our API https://passkeys.keyri.com/v1/register:

// Data from user
{"id": "xxx", "payload": "eyJhd...xe=="}
curl -X POST https://passkeys.keyri.com/v1/register \
-H "Content-Type: application/json" \
-H "x-api-key: qr...P1U" \
-H "x-temp-key: eyJ...SJ9" \
-d '{"id": "xxx", "payload": "eyJhd...xe=="}'

Authenticate

When verifying a user's authentication request, forward whatever they sent you to our API https://passkeys.keyri.com/v1/authenticate:

// Data from user
{"id": "xxx", "payload": "eyJhd...xe=="}
curl -X POST https://passkeys.keyri.com/v1/authenticate \
-H "Content-Type: application/json" \
-H "x-api-key: qr...P1U" \
-H "x-temp-key: eyJ...SJ9" \
-d '{"id": "xxx", "payload": "eyJhd...xe=="}'

Support

For support or any questions, please reach out to [email protected].


License

This project is licensed under the MIT License - see the LICENSE.md file for details.