Support for Webauthn (also known as Passkeys)

niels.de.bruijn Public · Oct 25 2022

This new industry standard enables end users to logon to (web) apps using a passkey that is stored securely on their devices (ie. smartphone, tablet, etc.).

Advantages:

- No password (manager) is required

- No 2-factor authentication is required by the identity provider

- More secure: the private key (passkey) is securely stored on selected devices and is not stored on the server. Also, phishing attempts are not possible using the mechanism.

APEX should introduce a new authentication scheme to support Webauthn. This authentication scheme would be able to interact with identity providers that support Webauthn (like Azure Active Directory).

This is currently on the roadmap for a future release of Oracle APEX.

Comments

sameer OP 3.2 years ago

Interesting.
martin.dsouza APEX Team OP 3.1 years ago

Supporting two factor authentication (2FA) is also a good option. Adrian Png has some open source solutions that can be looked at: https://fuzziebrain.com/content/id/1718/
dgp.holtman OP 2.6 years ago

Great idea!

Also, I'm happy to see that 2FA is on the roadmap:
https://apexapps.oracle.com/pls/apex/r/apex_pm/ideas/details?idea=FR-1950&session=9056644910565
anton.scheffer OP 6 weeks ago

For an opensource solution, see https://github.com/antonscheffer/APEX-Passkeys.
Not 2FA though.

92 Voters

Support for Webauthn (also known as Passkeys)

Feature

Comments

Comments