Episode

Creating the WebAuthn Components Library for Phoenix LiveView Apps with Owen Bickford

Podcast: Elixir Wizards
Published: Nov 14, 2024
Duration: 3452 seconds
Canonical source: https://smartlogic.fireside.fm/s13-e05-webauthn-components-phoenix-liveview
Audio: https://aphid.fireside.fm/d/1437767933/03a50f66-dc5e-4da4-ab6e-31895b6d4c9e/fcc73e6e-2092-4a59-b47b-52f4a489bed4.mp3

Summary

Explore the transition from vulnerable password-based authentication to the more secure, user-friendly world of passkeys. Learn how the WebauthnComponents library simplifies implementing hardware-backed, passwordless logins in Phoenix LiveView applications.

Topics

  • Elixir
  • Phoenix LiveView
  • WebAuthn
  • Passkeys
  • Asymmetric Cryptography
  • Cybersecurity
  • Authentication
  • Web Development

Highlights

  • Main idea: Passkeys leverage the WebAuthn API and asymmetric cryptography to eliminate the risks of database leaks and credential stuffing
  • Practical takeaway: Use the WebauthnComponents library to integrate hardware-based authentication like TPMs and Apple Keychain into Elixir apps
  • Failure mode: Relying solely on passwords leaves users vulnerable to SIM swapping and sophisticated phishing attacks
  • Implementation detail: The library utilizes Ecto schemas and LiveView components to manage the complex handshake between the browser and server
  • Strategic advice: Introduce passkeys as an optional, high-security alternative rather than forcing a sudden technology shift on all users

Chapters

  1. 1:00 The Evolution of Authentication: A brief history of moving from plain-text passwords to salted hashes and the inherent security flaws in each stage.
  2. 10:05 Understanding Passkeys and TPMs: How hardware-based modules like Trusted Platform Modules (TPM) manage credentials securely on modern devices.
  3. 14:05 Library Architecture and Flexibility: How the WebauthnComponents library uses migrations and configurable schemas to adapt to different application needs.
  4. 18:25 Asymmetric Cryptography in Practice: Comparing passkey mechanics to SSH keys and the benefits of public/private key pairs for secure logins.
  5. 23:00 Integrating WebAuthn into Phoenix: Using the library as a standalone authentication method within the Phoenix framework.
  6. 27:10 Managing User Experience and Support: Strategies for adopting new authentication tech without increasing customer support overhead or user friction.
  7. 35:45 The WebAuthn Handshake Flow: A technical walkthrough of managing challenges, attestations, and user creation via LiveView components.