add webauthn (passkey) support

Christoph Haas
2025-05-12 22:53:43 +02:00
parent 6a96925be7
commit 1394be2341
28 changed files with 1603 additions and 33 deletions

@@ -32,6 +32,10 @@ database:
type: sqlite
dsn: data/sqlite.db
encryption_passphrase: change-this-s3cr3t-encryption-passphrase
auth:
webauthn:
enabled: true
```
## LDAP Authentication and Synchronization
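
Review bot: The `auth.webauthn` block added to this example only restates what the option reference gives as the default (`enabled` defaults to `true`), so a reader can take it as a required step for passkey login. Either drop it from the example or add a YAML comment next to `enabled: true` saying the value is the default and is shown only for visibility.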

@@ -72,6 +72,8 @@ auth:
oidc: []
oauth: []
ldap: []
webauthn:
enabled: true
web:
listening_address: :8888
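Review bot: Defaulting `webauthn.enabled` to `true` in this defaults block means passkey login is switched on for every installation that does not set the key, which would include existing installations once they pick up this change. If that is intended, say so next to this block or in the upgrade notes, and name `auth.webauthn.enabled: false` as the opt-out.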
@@ -120,6 +122,7 @@ More advanced options are found in the subsequent `Advanced` section.
### `admin_password`
- **Default:** `wgportal`
- **Description:** The administrator password. The default password of `wgportal` should be changed immediately.
- **Important:** The password should be strong and secure. It is recommended to use a password with at least 16 characters, including uppercase and lowercase letters, numbers, and special characters.
### `admin_api_token`
- **Default:** *(empty)*
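Review bot: The new **Important** line under `admin_password` recommends at least 16 characters with mixed character classes, but the documented default `wgportal` is 8 lowercase letters and the text does not say whether the recommendation is enforced anywhere. State whether a minimum length is checked or whether this is advice only, and consider dropping "strong and secure", which adds nothing to the concrete rule that follows it.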
@@ -334,7 +337,7 @@ Options for configuring email notifications or sending peer configurations via e
## Auth
WireGuard Portal supports multiple authentication strategies, including **OpenID Connect** (`oidc`), **OAuth** (`oauth`), and **LDAP** (`ldap`).
WireGuard Portal supports multiple authentication strategies, including **OpenID Connect** (`oidc`), **OAuth** (`oauth`), **Passkeys** (`webauthn`) and **LDAP** (`ldap`).
Each can have multiple providers configured. Below are the relevant keys.
---
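Review bot: The unchanged follow-up line "Each can have multiple providers configured" is no longer true for every item in the reworded sentence: `oidc`, `oauth` and `ldap` are lists of providers, while `webauthn` is a single section with an `enabled` flag. Reword that line so it covers only the provider-based strategies. The new sentence also places Passkeys before LDAP, whereas the config block and the reference sections put `webauthn` after `ldap`; matching that order would make the page easier to scan.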
@@ -580,6 +583,16 @@ Below are the properties for each LDAP provider entry inside `auth.ldap`:
---
### WebAuthn (Passkeys)
The `webauthn` section contains configuration options for WebAuthn authentication (passkeys).
#### `enabled`
- **Default:** `true`
- **Description:** If `true`, Passkey authentication is enabled. If `false`, WebAuthn is disabled.
Users are encouraged to use Passkeys for secure authentication instead of passwords.
If a passkey is registered, the password login is still available as a fallback. Ensure that the password is strong and secure.
## Web
The web section contains configuration options for the web server, including the listening address, session management, and CSRF protection.
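Review bot: The `enabled` description mixes terms ("Passkey authentication is enabled" against "WebAuthn is disabled") and the section alternates between "Passkeys" and "passkey"; pick one spelling and use the same term in both halves of the sentence. The last added paragraph says password login stays available after a passkey is registered, so registering a passkey does not by itself reduce exposure to password guessing; state that directly and point to the `admin_password` guidance instead of the general "Ensure that the password is strong and secure".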