I expect you’re wondering what I’ve been up to. I don’t blame you, I’ve been wondering too.
In order that we can all sleep easy at night, I think I’m going to blog a bit of a developer diary.
I’m not sure I’ll manage a post every day, but I’ll try to keep a regular commentary.
In all seriousness I don’t expect it to be of great interest to anyone else, but in the past I’ve found it a useful discipline to keep a log of what I’ve been doing each day, and I may as well do it here.
Since finishing with Sketch I’ve been playing with a few very small new projects, but I’ve also spent a lot of time catching up on a large backlog of boring admin tasks.
I’ve no doubt that I’ll talk about some of my own projects in the future, but actually the thing I’ve been working on most over the last couple of weeks is the open source project Safari-FIDO-U2F.
I got interested in the idea of using hardware keys for authentication a year or so ago, and bought a couple of cheap ones to play around with.
Having done so I discovered that there’s no native support for them in Safari! Luckily there was a plugin project on Github that looked like it might do the trick.
I gave it a go, and it didn’t really work, but I decided to rummage around a bit in the code, and came up with one or two minor suggestions which I submitted as PRs.
The original developer got in touch and said words to the effect of “thanks very much, but I’m afraid I’m not really maintaining it any more as I no longer use OS X” for work.
The project appealed to me, so I decided that I’d keep hacking away at it anyway, and after a bit of back-and-forth I sort of ended up inheriting it.
I think what attracted me most, other than the chance to get the keys working, was just that it was a really small codebase, and I figured that even with my very limited free time, I might be able to actually help.
So last year I tinkered with it every now and then, but that limited free time thing made it hard to do much.
It also turned out to be quite a specialised domain, and although there wasn’t much code, it was quite gnarly. FIDO U2F support in general is at a pretty early stage, and only really works out of the box on Chrome. This means that sites which support it at all sometimes assume that if you’re not using Chrome, there’s no point bothering. They also sometimes make assumptions based on the Google/Chrome implementation, which the Safari plugin has to try to play along with.
Because of all this, not a lot happened to it in 2017, but even with very limited input from me, a few people showed a bit of interest in using it, and I still quite wanted to be able to use it myself. So when I had some free time this year, I decided I’d take another look, and I’ve spent a few days over the last couple of weeks doing quite a bit of rewriting.
It’s still not perfect, but it is now starting to actually work. Most critically, I can use it log into Github with a hardware key, which was my original use case.
I won’t go into any more detail here about the actual code. Take a look at the Github project if you’re interested, or ping me.
It’s been a fun little project, and I expect I’ll keep tinkering with it for a while, though I suspect it has a limited lifespan.
Ultimately I imagine that either U2F keys will take off, in which case support will get baked into Safari itself and this plugin will become obsolete, or someone will come up with a better mechanism for hardware two-factor authentication, and U2F will slide off into obscurity, taking the plugin with it :)