Passkey-Based WebAuthn Authentication for Rocket.Chat #35724

Open
ramizik opened this issue Apr 8, 2025 · 1 comment

ramizik commented Apr 8, 2025

🔐 Passkey-Based WebAuthn Authentication for Rocket.Chat

Overview

This issue tracks the implementation of a passwordless authentication system in Rocket.Chat using the WebAuthn standard. This upgrade will improve user security and login experience by enabling biometric-based passkeys (e.g., FaceID, fingerprint) and secure device-based authentication.

Goals 🎯

  • ✅ Integrate WebAuthn-based registration and login flows
  • ✅ Support passkeys with biometric or hardware authentication
  • ✅ Ensure seamless frontend UX for WebAuthn interaction
  • ✅ Enable QR Code and Bluetooth transport for cross-device login
  • ✅ Store public keys securely in the Rocket.Chat database
  • ✅ Maintain backward compatibility with existing login methods

Timeline ⏳

Week 1 (Research & Setup):

  • Study Rocket.Chat's authentication system
  • Explore WebAuthn and FIDO2 libraries
  • Set up local development environment and prototype basic flows

Weeks 2-4:

  • Implement backend support using @simplewebauthn/server
  • Create secure database schema for passkey storage
  • Build React components for passkey registration/login

Weeks 5-7:

  • Add support for Bluetooth hybrid transport and QR code login
  • Handle unsupported environments and provide fallbacks
  • Begin internal testing and usability feedback

Weeks 8-9:

  • Extend REST API as needed for new authentication methods
  • Add security-focused unit and integration tests
  • Finalize documentation for developers and users

Technologies & Tools 🛠️

  • Node.js
  • React.js
  • MongoDB
  • WebAuthn API
  • FIDO2
  • Rocket.Chat authentication modules
  • simplewebauthn (server + browser)

Expected Outcomes 🎖️

  • A secure, production-ready passkey login feature
  • Enhanced usability and reduced reliance on traditional passwords
  • Documentation and guidance for enabling WebAuthn in Rocket.Chat
  • A more modern authentication flow for desktop and mobile users

ramizik commented Apr 8, 2025

Full-length proposal submitted to Google Summer of Code

Proposal (1).pdf
