Prompt components for the Authnomicon project.
@authnomicon/prompts
is a set of components for prompting the user within a
web browser.
The prompts form a challenge-response protocol to authenticate the user. Prompts may also perform related access control operations, such as identity proofing or obtaining authorization for third-party access.
Prompts are presented in a web browser, and as such present challenges to the
user by rendering HTML. The user provides a response by submitting an HTML
form. Sequences of prompts are strung together using a series of redirects.
Optionally, prompts may be progressively enhanced
using client-side JavaScript to enhance the user experience and take advantage
of richer capabilities. If so, the response may be submitted programmatically
via fetch()
or
XMLHttpRequest
.
Within the context of a overarching authentication or authorization protocol,
a prompt or sequence of prompts is often referred to as a "flow" (in the case of
OAuth) or a "ceremony" (in the
case of WebAuthn). Such flows often
require relatively complex per-request state management, which is maintained
using flowstate
.
- @authnomicon/prompts-oob - Components to present prompts to the user via out-of-band channels. Typically used when authorization is needed in non-web-based environments, such as point-of-sale transactions with a cashier or teller and self-service kiosks.
- Jared Hanson { }
Copyright (c) Jared Hanson