Drupal Passkey

The dpk Module provides a Public Key authentication mechanism to login to
Drupal. It provides a passwordless authentication or a second factor after the
username-password.

Features

Multi-factor authentication provides a robust security on top of Drupal's
username-password authentication.

The dpk module adds a first/second factor in a multi-factor authentication
scenario for Drupal. When enabled alone it provides either a passwordless
login, or a second factor after Drupal's username-password. When enabled
with the sfa module, it can provide an alternative as a second factor along
with the TOTP authentication provided by sfa.

The dpk module works seemlessly with the sfa module to provide:
1. A password-less authentication mechanism via the passkey.
2. A 2-factor authentication (2fA) with either the dpk module or the sfa
module, or both modules.
3. A 3 -factor authentication (3fA) with both the dpk and the sfa modules.

Post-Installation

There are 2 approches of using this module.
1. User-centric: where the onus of security is on the user. The user can
choose to register one or more passkeys, which adds the first/second factor
in the authentication mechanism. On the configuration page, admin can set
the passkey to be the first or second factor. If set to the first factor,
to login the user can either use the username-password or the passkey
authentication mechanisms. If set as the second factor, after the username-password
validation, the user has to authenticate with the passkey.
2. Admin-centric: where the admin can impose users of some/all roles to
register at least one passkey; the user will be given 3 free logins by
which the user has to register a passkey, a failure to do so results
in the account being blocked.

The admin can impose this from the configuration page.

The module can be used as is without a change in the default values, which
results in the user-centric approach and passkey set to be the first factor.
Simply enable the module and register a passkey.

Additional Requirements

This module requires:

1. HTTPS; this is a hard requirement for this module.
2. PHP version >= 8.3
3. drush version >= 13
4. Drupal core 11
5. The following third party libraries are dependencies automatically installed by
composer while installing this module:
* web-auth/webauthn-symfony-bundle
* foroco/php-browser-detection
* symfony/clock
* symfony/http-client
6. The following third party library requires the root composer.json to be tweaked
in order to download it to the libraries folder when the module is installed.
This is described in detail in:
https://www.drupal.org/docs/develop/using-composer/manage-dependencies#t...
* npm-asset/simplewebauthn--browser

Recommended modules/libraries

The sfa (Drupal Second Factor Authentication) module enhances the security of
the authentication mechanism by providing 2fA or 3fA mechanisms.

Similar projects

The tfa module provides the TOTP authentication mechanism. This module
goes one step further by working seemlessly with the dpk module to provide
2-factor or 3-factor authentication mechanisms.

The dpk module works in conjunction with the sfa module to provide a variety of
authentication possibilities.
* Single factor [username-password -> Auth] OR [passkey -> Auth]
* Second factor [username-password -> passkey -> Auth] OR [username-password
-> TOTP -> Auth]
* Three factor [username-password -> passkey -> TOTP -> Auth]

Supporting this Module

Community Documentation

The docs module: Dpk Docs (dpk_docs)

A submodule Trails Docs (dpk_docs) is provided that provides these help
pages and more on the usage, configuration, installation ...etc. Enable the
docs module

drush pm:install dpk_docs

and browse to the docs at /admin/help/dpk . This submodule requires the opus module.
It will generate a few opus nodes and provide an index of all the document
pages.

You may continue to put additional information below here, if there are other things you think people need to know about your module!