Skip to content

Todo app using Express and Passport for passwordless sign in with passkeys or security keys.

Notifications You must be signed in to change notification settings

passport/todos-express-webauthn

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

97 Commits
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 

Repository files navigation

todos-express-webauthn

This app illustrates how to use Passport with Express to sign users in with a passkey or a security key. Use this example as a starting point for your own web applications.

Quick Start

To run this app, clone the repository and install dependencies:

$ git clone https://github.com/passport/todos-express-webauthn.git
$ cd todos-express-webauthn
$ npm install

Then start the server.

$ npm start

Navigate to http://localhost:3000.

Overview

This app illustrates how to build a todo app with sign in functionality using Express, Passport, and the passport-fido2-webauthn strategy.

This app is a traditional web application, in which application logic and data persistence resides on the server. HTML pages and forms are rendered by the server and client-side JavaScript is kept to a minimum.

This app is built using the Express web framework. Data is persisted to a SQLite database. HTML pages are rendered using EJS templates, and are styled using vanilla CSS.

When a user first arrives at this app, they are prompted to sign in. To sign in, the Web Authentication API is used to prompt the user for their passkey or security key. Once authenticated, a login session is established and maintained between the server and the user's browser with a cookie.

After signing in, the user can view, create, and edit todo items. Interaction occurs by clicking links and submitting forms, which trigger HTTP requests. The browser automatically includes the cookie set during login with each of these requests.

When the server receives a request, it authenticates the cookie and restores the login session, thus authenticating the user. It then accesses or stores records in the database associated with the authenticated user.

License

The Unlicense

Credit

Created by Jared Hanson

Releases

No releases published

Sponsor this project

 

Packages

No packages published