Should security-web-authn guide and quickstart use Hibernate Reactive by default? #36438
Comments
quarkus-bot
bot
added
area/hibernate-reactive
|
/cc @DavideD (hibernate-reactive), @Sanne (hibernate-reactive), @gavinking (hibernate-reactive), @sberyozkin (security) |
|
@FroMage has implemented the feature, Steph, please investigate |
|
Also CC-ing @michalvavrik who may have an opinion about it, given his recent work on the OIDC DB token state manager, where he chose to use reactive DB clients |
|
Hey, I can't say more to this topic than you already know. I'm sure of that, but I'll summarize:
Also, I'm happy to help with rewriting this to Hibernate ORM, but judging by my queue of Quarkus issue, I can't start before 2 weeks from now. |
|
Did I make it use Hibernate Reactive? I can't recall. My pet project using WebAuthn uses ORM, since Renarde doesn't support HR yet. @michalvavrik feel free to change the guide and quickstart, and check out https://github.com/FroMage/quarkus-renarde-todo/blob/main/src/main/java/util/MyWebAuthnSetup.java for a working example with ORM. |
|
Just wanted to give a +1 for this. The "beginners guide" for WebAuthn should not be using Reactive. Keep it simple. (I had to rewrite it for my own app too.) |
|
Sorry, I little bit forget about this, I'll have a look when I'm back in the middle of January. Apologies.
Reactive approach has pros during auth described in previous comments, I understand your position, but I'm definitely not excited about this change, it's more like no-one supported my position, hence we shall migrate. |
|
I tried to create a REALLY minimal demo of quarkus-webauhn. No reactive. Even no database or real entities at all. Just mocks. https://github.com/Doogiemuc/quarkus-webauthn-minimal-demo But I am having some problems. When trying to register a new user on Mac Safari with Fingerprint I get the error:
I see that the class NoneAttestation.java seem to check for this specific AAGUID. But where or how can I set it during register? |
|
I'm not sure, but could you file a new issue for this please? |
The
security-web-authnguide and quickstart are using Hibernate Reactive and I don't think it's something mandatory when using security-web-authn?If not, I think we would rather have a security-web-authn quickstart that is not using HR and maybe rename the existing one to security-web-authn-reactive.
And the guide should be based on the non-reactive one.
As now mentioned in the Hibernate Reactive guide, we are recommending using Hibernate ORM for most workloads, except when you need high concurrency so Hibernate ORM should be the default for our guides when HR is not mandatory.
Especially since it makes things a tad more complex and might have bring more complexity than needed to explain the concepts of this particular feature.
/cc @sberyozkin I'm not sure who worked on that, could you coordinate this (if it makes sense and I'm not mistaken that HR is not mandatory)?
(This issue is part of various things noted when I added the
:topics:to the guides)The text was updated successfully, but these errors were encountered: