Both have nothing to do with Laravel. It will probably be OAuth with Apple device or OAuth with Android device IMHO
WebAuthn
I'm tasked with eventually implementing a WebAuthn login, and am curious if anyone has undertaken this task on a Laravel project and could offer their guidance and/or direction. I've reviewed the docs from Mozilla, Google, W3C, Yubico, and webauthn.guide and am looking more for the "aha's" and the "gotcha's" that maybe you didn't think of going into implementation, or wished you had done but haven't gone back to do. When I eventually get to this task, I hope to be able to implement the best solution due to great advice from this forum. Thanks!
Edited to improve the communication of my intentions with this post, something I honestly never thought I would have to do. Thanks, @martinbean, for proving me wrong. 😉
@aurawindsurfing, thank you for responding but I kindly disagree.
Italo Cabrera has the WebAuthn package for Laravel, and then there is the Laravel Fast-Login package.
This is new territory for me and I am hoping to find a bit more guidance than the repos' READMEs provide. I can Google docs and example code, but that doesn't provide me with real-world developer experience in implementing it and implementing it within a Laravel project.
@whoisthisstud but how do you plan to implement touch? Or scan someone's face if not with a mobile device?
Touch is out straight away. If you think Mac then it's Apple SDK and some sort of OAuth. Webcam - maybe, but who uses webcams?
Do you get my point?
Those are really interesting packages though!
@aurawindsurfing most devices, nowadays, implement either biometrics or a face-scanning/identifying tech for device access (FaceID or TouchID on iPhones & Macs, fingerprint on Android, Hello on Windows) but there are even USB keys that could be used.
This is a more secure authentication method as an actual password doesn't have to be stored – the device's public key simply needs to be registered locally and WebAuthn handles the handshake between device and application, iirc, with the device/browser handling any UI interactions requesting identification. And for those devices that either don't support one of these methods or haven't been registered, then we can fall back to a temporary login token emailed to the user.
Since device registration would ideally only be possible within an authenticated account, then the only potentially insecure aspect of this scenario is a user's email account... and well... we developers can't fix stupid.
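The "handshake" described in the post above comes down to a handful of server-side checks on each login response. The following is an added example, not part of the original thread and not code from either package mentioned: a Node.js sketch of those checks, exercised with a constructed software authenticator. The origin `https://app.example`, the RP ID `app.example`, and all function names are assumptions for illustration.

```javascript
// Added example (not from the thread): relying-party checks for a WebAuthn login assertion.
const nodeCrypto = require('node:crypto');
const sha256 = (data) => nodeCrypto.createHash('sha256').update(data).digest();
// cred is the stored record { publicKey, signCount }; returns 'ok' or a failure reason.
function verifyAssertion({ clientDataJSON, authenticatorData, signature }, cred, expected) {
  const client = JSON.parse(clientDataJSON.toString('utf8'));
  if (client.type !== 'webauthn.get') return 'wrong-type';
  if (client.challenge !== expected.challenge) return 'challenge-mismatch'; // stale or replayed
  if (client.origin !== expected.origin) return 'origin-mismatch'; // exact match, no prefix tests
  // authenticatorData layout: rpIdHash(32) | flags(1) | signCount(4, big-endian) | ...
  if (authenticatorData.length < 37) return 'short-authdata';
  if (!authenticatorData.subarray(0, 32).equals(sha256(expected.rpId))) return 'rpid-mismatch';
  const flags = authenticatorData[32];
  if ((flags & 0x01) === 0) return 'user-not-present';
  if (expected.requireUV && (flags & 0x04) === 0) return 'user-not-verified';
  const signed = Buffer.concat([authenticatorData, sha256(clientDataJSON)]); // what is signed
  if (!nodeCrypto.verify('sha256', signed, cred.publicKey, signature)) return 'bad-signature';
  const count = authenticatorData.readUInt32BE(33);
  // Counters that stay at 0 are allowed; otherwise they must strictly increase.
  if ((count !== 0 || cred.signCount !== 0) && count <= cred.signCount) return 'counter-regression';
  cred.signCount = count;
  return 'ok';
}

// Constructed software authenticator standing in for a real device (sample data only).
function fakeAuthenticator(privateKey, { challenge, origin, rpId }, flags = 0x05, count = 1) {
  const clientDataJSON = Buffer.from(JSON.stringify({ type: 'webauthn.get', challenge, origin }));
  const authenticatorData = Buffer.alloc(37);
  sha256(rpId).copy(authenticatorData, 0);
  authenticatorData[32] = flags; // 0x01 = user present, 0x04 = user verified
  authenticatorData.writeUInt32BE(count, 33);
  const signed = Buffer.concat([authenticatorData, sha256(clientDataJSON)]);
  return { clientDataJSON, authenticatorData, signature: nodeCrypto.sign('sha256', signed, privateKey) };
}
function demo() {
  const { publicKey, privateKey } = nodeCrypto.generateKeyPairSync('ec', { namedCurve: 'P-256' });
  const newChallenge = () => nodeCrypto.randomBytes(32).toString('base64url');
  const cred = { publicKey, signCount: 0 };
  const first = { challenge: newChallenge(), origin: 'https://app.example', rpId: 'app.example', requireUV: true };
  const second = { ...first, challenge: newChallenge() };
  const login = fakeAuthenticator(privateKey, first);
  return {
    good: verifyAssertion(login, cred, first),
    replayed: verifyAssertion(login, cred, second), // same response, new challenge
    otherOrigin: verifyAssertion(fakeAuthenticator(privateKey, { ...second, origin: 'https://other.example' }), cred, second),
    presenceOnly: verifyAssertion(fakeAuthenticator(privateKey, second, 0x01, 2), cred, second),
    staleCounter: verifyAssertion(fakeAuthenticator(privateKey, second, 0x05, 1), cred, second),
  };
}
```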
@martinbean Ty, but I already have this. I am looking for comments about how implementation went, a dev's experience working with it, the “ahhah”’s and the “gotchas”, etc. I can look documentation up all day long, but they never convey real world experience in dealing with it which is what I’m looking for.
@whoisthisstud Why don’t you just roll your sleeves up and get started?
@martinbean thanks for nothing
@whoisthisstud You could have been part-way through your integration if you had just actually started it instead of waiting for someone to mollycoddle you, hold your hand, tell you everything’s gonna be alright.
I hope you work for yourself and are not wasting an employer’s time waiting to start tasks until a stranger on the Internet tells you it’s safe to do so.
@martinbean dude, you could've been a kind person and not been an arrogant prick, but alas here we are wasting time being arrogant pricks towards each other. I'm the type of person that needs data before making decisions – and I make damn good ones because of it. I SAVE people money because I take the time to do the research and do things the RIGHT WAY FROM THE START, and that takes lots of information, the best being ACTUAL EXPERIENCE, which is what I was seeking here. If you don't have it, then why in the heck did you even waste MY time posting on this thread? You could've simply moved on not saying a word, but you chose to be an arrogant prick and post some snide remark, apparently attempting to dislodge my thread off its tracks – hence my "thanks for nothing". Now, I'm sure you're a knowledgeable developer that knows WAY MORE than I on developing overall, possibly even including WebAuthn, but your knowledge and experience mean jack on this thread if you're unwilling to be a TEAM player or an EDUCATOR. Do you get pleasure out of demeaning those with less experience, or are you really less experienced and possibly intimidated? Gtfo my thread! Go be a useless prick elsewhere.
@whoisthisstud Do you feel better now…?
All you have to do is read the documentation I linked you to and make a start on the task. You’re not exactly “saving people money” if you won’t start a task for two days because you’re waiting for someone else to go, “Yeah, I did this and it was fine.”
I’m not going to paraphrase what something already written says. Like I say, you just need to roll up your sleeves and actually tackle the task that your client is paying you to do. I’d certainly be fired from my role if I kept telling my managers, “Sorry, I’ve not started that task yet because I’m waiting for someone on a forum to tell me what it’s like first.”
@martinbean, no but that's okay. We all have days.
You're right. If this task was an immediate need, then jumping right in and learning from my mistakes and personal experience could result in a step towards, or possibly even, completion. How would I know unless I did it, right?
That's so limiting.
Since I don't have an immediate deadline, only a request to familiarize myself with a subject, I am seeking advice from many angles and approaches – which doing so has provided a tremendous growth in myself and my production – and one of those being the experience of others.
As quoted by too many to name, "A fool learns from his own mistakes and a wise man learns from the mistakes of others."
This was the goal of this post, to be wise and learn from the mistakes of others, that you decided to shat on for whatever self-righteous reason you justify within your own mind. I think you think I was here asking for code and, if true, means you ass-u-me'd when you could've instead been helpful.
I appreciate the banter for the day, but I won't humor any more of your disparaging comments with a response, irregardless of how much of a fool you make yourself out to be thinking you're hurting me. Good day.
P.S. I do appreciate all of the XP I receive responding to you, though, so thanks for that. 😉
@whoisthisstud @martinbean 🙏 peace, guys!
On the other hand, the lack of real life examples that you are looking for might be a bit worrying.
Anyhow, let us know if you implemented it and if it actually worked. To me this is too much to ask of a user.
@aurawindsurfing ty, sir. Looks like I may be tackling it without any real life experience to go on. 🫤
@whoisthisstud I have implemented it with Laravel Blade: github.com/Nasirkhan-259/laravel-webauthn. Now I am trying to implement it with single-page applications, which is somehow tricky to override the functions for APIs.