jehrhardt / supapasskeys-rust-poc

A multi-tenant Passkeys server for Postgres and Supabase

License: GNU Affero General Public License v3.0

Rust 98.43% Dockerfile 1.57%
authentication fido2 passkeys postgres rust supabase web webauthn

supapasskeys-rust-poc's Issues

Project split

The goal of Supapasskeys has been to provide the best Passkey solution for Supabase. This will still be the goal in the future.

But this focus comes at the risk of binding the project completely to Supabase. That would be very sad as there are other Postgres hosting providers and also people self-hosting Postgres. It would make so much more sense for an open source project to be useable everywhere.

Solution

The new strategy is to go for 2 projects:

  • Supapasskeys API: A multi-tenant Passkey server on top of Postgres
  • Supabase Extension: Provides the best Passkey support for Supabase

Both will be independent projects on Github to ensure each one of them is clearly focused on its purpose.

Supapasskeys API

The Supapasskeys API will be rewritten in Rust. Supapasskeys already uses webauthn-rs, and using Rust for the whole app has the following benefits:

  • Small and efficient binaries (great for self-hosting and local development)
  • Great language for services that aim for being stable instead of changing frequently
  • Cargo features can be used to add specific code for integration with Supabase Extension (e.g. multi DB support)

Supabase Extension

The current code base will be the foundation of the Supabase extension. Therefore it will continue to be written in Elixir and use Phoenix LiveView. But we can completely focus on Supabase as the target platform.

Todos

  • Rename current project
  • Setup new supapasskeys Rust project

Implement Passkeys API

After the code split the Passkeys API must be implemented in pure Rust.

Non-goals

This is about the basic Passkey registration and authentication APIs. Multi-tenancy and Passkey management are not in the scope.

API authentication will also be implemented separately.

Solution

We will use axum to implement the registration and authentication endpoints:

  • POST /passkeys/registrations: Create a new registration → 201 + create credentials options
  • POST /passkeys/authentications: Create a new authentication → 201 + credentials request options
  • PATCH /passkeys/registrations/:registration_id: Update the registration with attestation response → 204
  • PATCH /passkeys/authentications/:authentication_id: Update the authentication with assertion response → 204

Server side relying party will be implemented using webauthn-rs.

Relying Party Config

For now the relying party will be configured by the following environment variables:

  • RELYING_PARTY_NAME
  • RELYING_PARTY_ORIGIN

The variables will eventually be removed, when multi-tenancy is implemented later.

Postgres

Supapasskeys will depend on basic Postgres 15. We will use SeaORM for database mapping and migration. Database migrations will be written in SQL, not in the SeaORM DSL.

Docker

The main branch needs to build a Docker image for amd64 and arm64 and publish it to Github packages. During CI a Docker build must be executed for amd64 only to verify the build.

Documentation

All required documentation goes into README.md.

Todos

  • Implement API
  • Add Dockerfile
  • Update Github Actions
  • Update documentation
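
The two variables from the "Relying Party Config" section, validated at startup. This is an added example, not code from the project: it uses only the standard library, the function and struct names are hypothetical, and deriving the RP ID from the origin's host is an assumption, since the issue defines no separate RP ID variable.

```rust
// Added example, not project code. Std only; IPv6 literal hosts are rejected.
use std::collections::HashMap;

#[derive(Debug, PartialEq)]
pub struct RelyingParty {
    pub name: String,
    pub origin: String, // normalized scheme://host[:port]
    pub rp_id: String,  // assumption: RP ID = host of the origin
}

pub fn relying_party_from(vars: &HashMap<String, String>) -> Result<RelyingParty, String> {
    let name = vars.get("RELYING_PARTY_NAME").map(|s| s.trim()).unwrap_or("");
    if name.is_empty() {
        return Err("RELYING_PARTY_NAME is missing or empty".into());
    }
    let raw = vars.get("RELYING_PARTY_ORIGIN").ok_or("RELYING_PARTY_ORIGIN is missing")?;
    let trimmed = raw.trim().trim_end_matches('/');
    let (scheme, rest) = trimmed.split_once("://").ok_or("origin needs a scheme")?;
    // An origin is scheme, host and port only: no path, query, fragment or userinfo.
    if rest.contains(|c: char| matches!(c, '/' | '?' | '#' | '@')) {
        return Err(format!("not a bare origin: {raw}"));
    }
    let (host, port) = match rest.rsplit_once(':') {
        Some((h, p)) => (h, Some(p)),
        None => (rest, None),
    };
    if let Some(p) = port {
        p.parse::<u16>().map_err(|_| format!("bad port in origin: {raw}"))?;
    }
    let host = host.to_ascii_lowercase();
    let host_ok = !host.is_empty()
        && host.chars().all(|c| c.is_ascii_alphanumeric() || c == '-' || c == '.');
    if !host_ok {
        return Err(format!("bad host in origin: {raw}"));
    }
    // WebAuthn needs a secure context; plain http is only accepted for localhost.
    let scheme = scheme.to_ascii_lowercase();
    if scheme != "https" && !(scheme == "http" && host == "localhost") {
        return Err(format!("origin must be https (http only for localhost): {raw}"));
    }
    let origin = match port {
        Some(p) => format!("{scheme}://{host}:{p}"),
        None => format!("{scheme}://{host}"),
    };
    Ok(RelyingParty { name: name.to_string(), origin, rp_id: host })
}

fn main() {
    let vars: HashMap<String, String> = std::env::vars().collect();
    println!("{:?}", relying_party_from(&vars));
}
```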
