dwarl
Decoupled WebAuthn Register Login (dwarl) provides apis for user registration, login and management using webAuthn and JWT tokens, for decoupled front end apps such as PWAs.
Features
It has API endpoints to support the following feature:
- Register using phone or email (includes submodule with Twilio API integration for SMS) using a OTP (One time pass)
- Authenticate using password or passkey
- Forgot password flow
- Lost passkey flow
- Change email or phone with validation via OTP
- Change password using OTP or passkey
- Manage passkeys - list, add and remove
Post-Installation
The permissions need to be carefully set to ensure access is granted where appropriate.
Additional Requirements
This module is dependent upon:
Recommended modules/libraries
This module has no rate limits built in.
I suggest installing and configuring the Rate Limits module.
This module was based upon Decoupled Passkeys (Webauthn) but the scope of this project has grown much larger.
Similar projects
There is nothing similar at the moment that tries to tie all this together.
This is still very much dev at this point.
There is limited documentation at https://app.swaggerhub.com/apis/dahousecat/Dwarl/1.0.0#/ but not all endpoints are documented yet.
The most reliable documentation at this point is the tests.
They should all pass so document how each API endpoint is intended to be used.
There is an npm library to go with this module: https://www.npmjs.com/package/@felixfever/dwarl
But again this is still in development.