From 0a1001eb0bd2d1f7c0624ae1ef8ae7ccdb3447d4 Mon Sep 17 00:00:00 2001
From: Peter Stone <thepeterstone@gmail.com>
Date: Thu, 5 Feb 2026 15:35:01 -1000
Subject: Add passkey (WebAuthn) authentication support
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

Enable passwordless login via passkeys as an alternative to password auth.
Users register passkeys from Settings; the login page offers both options.
WebAuthn is optional — only active when WEBAUTHN_RP_ID and WEBAUTHN_ORIGIN
env vars are set.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
---
 internal/config/config.go | 8 ++++++++
 1 file changed, 8 insertions(+)

(limited to 'internal/config/config.go')

diff --git a/internal/config/config.go b/internal/config/config.go
index 2d77025..86d0d5b 100644
--- a/internal/config/config.go
+++ b/internal/config/config.go
@@ -35,6 +35,10 @@ type Config struct {
 
 	// Display
 	Timezone string // IANA timezone name (e.g., "Pacific/Honolulu")
+
+	// WebAuthn
+	WebAuthnRPID   string // Relying Party ID (domain, e.g., "doot.terst.org")
+	WebAuthnOrigin string // Expected origin (e.g., "https://doot.terst.org")
 }
 
 // Load reads configuration from environment variables
@@ -67,6 +71,10 @@ func Load() (*Config, error) {
 
 		// Display
 		Timezone: getEnvWithDefault("TIMEZONE", "Pacific/Honolulu"),
+
+		// WebAuthn
+		WebAuthnRPID:   os.Getenv("WEBAUTHN_RP_ID"),
+		WebAuthnOrigin: os.Getenv("WEBAUTHN_ORIGIN"),
 	}
 
 	// Validate required fields
-- 
cgit v1.2.3