https://github.com/passport/todos-express-webauthn

Todo app using Express and Passport for passwordless sign in with passkeys or security keys.
credential-management example express fido fido2 nodejs passkey passport passwordless sqlite webauthn


# todos-express-webauthn

This app illustrates how to use [Passport](https://www.passportjs.org/) with
[Express](https://expressjs.com/) to sign users in with a passkey or a security
key. Use this example as a starting point for your own web applications.

## Quick Start

To run this app, clone the repository and install dependencies:

```bash
$ git clone https://github.com/passport/todos-express-webauthn.git
$ cd todos-express-webauthn
$ npm install
```

Then start the server.

```bash
$ npm start
```

Navigate to [`http://localhost:3000`](http://localhost:3000).

## Overview

This app illustrates how to build a todo app with sign-in functionality using
Express, Passport, and the [`passport-fido2-webauthn`](https://www.passportjs.org/packages/passport-fido2-webauthn/)
strategy.

This app is a traditional web application, in which application logic and data
persistence reside on the server. HTML pages and forms are rendered by the
server and client-side JavaScript is kept to a minimum.

This app is built using the Express web framework. Data is persisted to a
[SQLite](https://www.sqlite.org/) database. HTML pages are rendered using [EJS](https://ejs.co/)
templates, and are styled using vanilla CSS.

When a user first arrives at this app, they are prompted to sign in. To sign
in, the [Web Authentication](https://www.w3.org/TR/webauthn-2/) API is used to
prompt the user for their passkey or security key. Once authenticated, a login
session is established and maintained between the server and the user's browser
with a cookie.

After signing in, the user can view, create, and edit todo items. Interaction
occurs by clicking links and submitting forms, which trigger HTTP requests.
The browser automatically includes the cookie set during login with each of
these requests.

When the server receives a request, it authenticates the cookie and restores the
login session, thus authenticating the user. It then accesses or stores records
in the database associated with the authenticated user.
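
The sign-in step described above depends on the server validating the assertion that the Web Authentication API returns before any login session is established. The following is an added example, not code from this repository or from `passport-fido2-webauthn`, showing those checks with Node's built-in `crypto` module. The names `verifyAssertion` and `makeSample`, the `localhost` relying party ID, the stored counter of 4, and the policy of rejecting a non-increasing counter are assumptions made for illustration.

```javascript
const crypto = require('node:crypto');

const sha256 = (data) => crypto.createHash('sha256').update(data).digest();
const fail = (reason) => ({ ok: false, reason });

// Hypothetical helper: checks a WebAuthn assertion against what the server expects.
// expected = { challenge: Buffer, origin, rpId, publicKey: KeyObject, storedSignCount }
function verifyAssertion({ clientDataJSON, authenticatorData, signature }, expected) {
  const client = JSON.parse(clientDataJSON.toString('utf8'));
  if (client.type !== 'webauthn.get') return fail('type');
  // The challenge must be the one this server issued for this login attempt.
  const challenge = Buffer.from(String(client.challenge), 'base64url');
  if (challenge.length !== expected.challenge.length ||
      !crypto.timingSafeEqual(challenge, expected.challenge)) return fail('challenge');
  // The browser records the origin that called the API; a look-alike site fails here.
  if (client.origin !== expected.origin) return fail('origin');

  // authenticatorData layout: rpIdHash (32) | flags (1) | signCount (4, big-endian) | ...
  if (authenticatorData.length < 37) return fail('authenticatorData');
  if (!authenticatorData.subarray(0, 32).equals(sha256(expected.rpId))) return fail('rpIdHash');
  if ((authenticatorData[32] & 0x01) === 0) return fail('userPresent');
  const signCount = authenticatorData.readUInt32BE(33);
  // Policy chosen for this example: a counter that fails to increase is rejected
  // (0 on both sides means the authenticator keeps no counter).
  if ((signCount || expected.storedSignCount) && signCount <= expected.storedSignCount) return fail('signCount');

  // The signature covers authenticatorData || SHA-256(clientDataJSON).
  const signed = Buffer.concat([authenticatorData, sha256(clientDataJSON)]);
  if (!crypto.verify('sha256', signed, expected.publicKey, signature)) return fail('signature');
  return { ok: true, signCount };
}

// Constructed sample: a throwaway P-256 key pair stands in for the authenticator.
function makeSample({ origin = 'http://localhost:3000', count = 5 } = {}) {
  const { publicKey, privateKey } = crypto.generateKeyPairSync('ec', { namedCurve: 'P-256' });
  const challenge = crypto.randomBytes(32);
  const clientDataJSON = Buffer.from(JSON.stringify(
    { type: 'webauthn.get', challenge: challenge.toString('base64url'), origin }));
  const counter = Buffer.alloc(4);
  counter.writeUInt32BE(count);
  const authenticatorData = Buffer.concat([sha256('localhost'), Buffer.from([0x01]), counter]);
  const signature = crypto.sign('sha256', Buffer.concat([authenticatorData, sha256(clientDataJSON)]), privateKey);
  return {
    response: { clientDataJSON, authenticatorData, signature },
    expected: { challenge, origin: 'http://localhost:3000', rpId: 'localhost', publicKey, storedSignCount: 4 },
  };
}
```

Only after every check passes should the server store the returned `signCount` for the credential and create the login session.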

## License

[The Unlicense](https://opensource.org/licenses/unlicense)

## Credit

Created by [Jared Hanson](https://www.jaredhanson.me/)