michael/cortex_status
1
0
Fork 0
Code Issues 6 Pull Requests 1 Actions Packages Projects Releases Wiki Activity

[Auth] Implement WebAuthn/passkey authentication for private pages #5

New Issue
Open
opened 2026-03-25 21:42:08 +00:00 by michael · 0 comments
michael commented 2026-03-25 21:42:08 +00:00
Owner
Copy Link

Summary

Replace simple password gates with passkey (WebAuthn/FIDO2) auth for all non-public pages.

Implementation

  • Research Elixir WebAuthn libraries (e.g., wax)
  • User/credential Ecto schemas
  • Enrollment + login flows
  • Apply to: Telepathy, Mission Control, Blog Admin, Reflection
  • Remove old password gate

Pages to Protect

  • /telepathy, /tasks, /blog-admin, /reflection

Acceptance Criteria

  • Passkey enrollment works
  • All private pages require passkey
  • Works on mobile (Face ID / fingerprint)
  • Session persistence

Priority: Medium — needed before going more public

## Summary Replace simple password gates with passkey (WebAuthn/FIDO2) auth for all non-public pages. ## Implementation - Research Elixir WebAuthn libraries (e.g., `wax`) - User/credential Ecto schemas - Enrollment + login flows - Apply to: Telepathy, Mission Control, Blog Admin, Reflection - Remove old password gate ## Pages to Protect - `/telepathy`, `/tasks`, `/blog-admin`, `/reflection` ## Acceptance Criteria - [ ] Passkey enrollment works - [ ] All private pages require passkey - [ ] Works on mobile (Face ID / fingerprint) - [ ] Session persistence **Priority:** Medium — needed before going more public
michael added the
security
 label 2026-03-25 21:42:08 +00:00
Sign in to join this conversation.
No Branch/Tag Specified
Branches Tags
Labels
Clear labels   
design

Design phase only

  
nervous-system

Cortex nervous system subsystems

  
security

Security and authentication

No Label
design
nervous-system
security
Milestone
Clear milestone
No items
No Milestone
Projects
Clear projects
No project
Assignees
Clear assignees
No Assignees
1 Participants
Notifications
Due Date
The due date is invalid or out of range. Please use the format 'yyyy-mm-dd'.

No due date set.

Dependencies

No dependencies set.

Reference: michael/cortex_status#5
No description provided.
Delete Branch "%!s()"

Deleting a branch is permanent. Although the deleted branch may continue to exist for a short time before it actually gets removed, it CANNOT be undone in most cases. Continue?