Pathtoglory.quest

I'm on a quest to learn and understand things.

Multiple passkeys

Posted on 2 Apr 2026, 08:50

I've worked on a new feature for this blog: the ability to add multiple passkeys to a single user. I wanted to be able to connect from my phone as well, to potentially write articles on the go (it most probably won't happen).

The idea was simple. On a logged-in device, generate a code. On the new device, go to a specific page, enter the username and the code you received. If the code is valid, we start the registration process for this device the same way we did for the account creation.
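One way the server-side code check described above could look, as an added example that is not this blog's actual code. The function names, the in-memory `Map` standing in for the database, the 10-minute lifetime and the five-attempt limit are all assumptions.

```javascript
// Added example: one-time device-link codes (not the blog's own code).
const crypto = require('node:crypto');

const CODE_TTL_MS = 10 * 60 * 1000; // assumption: code is valid for 10 minutes
const MAX_ATTEMPTS = 5;             // assumption: wrong guesses allowed per code

// Stand-in for a database table, keyed by username.
// Only a hash of the code is stored, never the code itself.
const pendingCodes = new Map();

const sha256 = (s) => crypto.createHash('sha256').update(s).digest();

// Called from the already-authenticated session on the logged-in device.
// Issuing a new code replaces any earlier one for the same user.
function issueLinkCode(username, now = Date.now()) {
  const code = crypto.randomBytes(8).toString('hex'); // 64 random bits, shown once
  pendingCodes.set(username, {
    hash: sha256(code),
    expiresAt: now + CODE_TTL_MS,
    attemptsLeft: MAX_ATTEMPTS,
  });
  return code;
}

// Called from the new device with the username and the code the user typed.
// Returns true at most once per issued code; only then should the server
// generate passkey registration options for that account.
function redeemLinkCode(username, code, now = Date.now()) {
  const entry = pendingCodes.get(username);
  if (!entry) return false;
  if (now > entry.expiresAt) {
    pendingCodes.delete(username); // expired codes are discarded
    return false;
  }
  entry.attemptsLeft -= 1;
  // Both sides are 32-byte digests, so the constant-time compare never throws.
  const ok = crypto.timingSafeEqual(entry.hash, sha256(String(code)));
  // Delete on success (single use) or when the guesses are used up (lockout).
  if (ok || entry.attemptsLeft === 0) pendingCodes.delete(username);
  return ok;
}
```

The `now` parameter exists only so that expiry can be exercised without waiting; in a real handler it is left at its default.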

I stumbled into a lot of problems: the same code was written in multiple places in the same file, and the whole process was very messy and not manageable. I did a refactor of my user creation process.

Previously, I would do that entirely in JavaScript in the front-end. I would call an API to generate my passkey options, I would generate the passkey, then validate it. Boom, done. I changed that. Now, you fill in the form, the form submits, the server generates the options and sends them back to another page in which we load the options, generate the passkey and then validate it. This allows me to use the same page for account creation and for adding a new device to an account.

Now, I have two similar processes (with their small differences) that use the same common step for validating the passkey.

I also realized what I had been doing wrong since the beginning regarding the storing of passkey transports. When the passkey is generated, the transports value is an Array of strings. To store it in the database, I convert it to a single string. But when I retrieved it from the database, I wasn't converting it back to an Array, which led to an error when I wanted to add a verification to ensure a user is not registering the same authenticator twice. It sounds like a lot of rookie mistakes, but now I feel stronger regarding passkeys and I really like them.

I like the idea of authorizing a device rather than having to remember passwords. It has some drawbacks, like it's not portable if you lose access to your device. I should implement something like a passkey reset to authorize a new device if you lose access to all your devices. I will need to store an email or a communication method. Setting up an email server and sending emails sounds interesting.

On another note, I built a whole Markdown parser and converter to HTML so that I could use some styles in my blog posts, but I realize I only write text without any formatting --'

It's a bit stupid. But maybe it will come with time as I write articles and work on the website style.