[POC] WebAuthn CLI #3 - Polling

[jenshenny]

What problem are you solving?

Prototype PR to adds support for WebAuthn on the CLI. Changes to the client can be found here: Client PR: Shopify/rubygems#38

Resources:

CLI Flows: https://docs.google.com/document/d/1FlIfW-zmvLmflOvo7oOUuEleQBTodo-8lVJdiRcYySw/edit#heading=h.kjywlfxfaool

What approach did you choose and why?

This flow is similar to the first prototype #56. and functionality is built from this prototype.

The main addition is 84e8803 commit.

This creates an api endpoint for the client to poll the WebAuthn OTP code from once verification is completed (api/v1/webauthn/:token/status). Currently, it returns a plain text response with the code or an error, however if this solution is chosen, I would consider a more robust response structure eg.

{
  status: "expired"
  code: nil
  error_message: "Link has expired, please try again"
}

On the client Shopify/rubygems#38, a thread is created when asking for OTP and it'll poll this endpoint for 5 mins, every 3 seconds changed it to 1 until a response returns.

Demo

Screen.Recording.2022-11-30.at.5.53.33.AM.mov

Notes / Stuff I haven't explored

• Maybe we should also accept TOTP in the client prompt, haven't explored killing the listener if an OTP is inputted and vice versa, continuing the process once WebAuthn verification is done.
• Polling interval could be increased? sometimes it's slow

[jchestershopify]

Closing as we are moving to the proper implementation.