,
14 tweets,
7 min read
Read on Twitter
Today I wanna share a little about the way I'm doing stuff behind the scenes. This place is often a highlight reel and that can be very intimidating. So, follow me behind the curtain and follow me into the mess that is making stuff.
So: Last week I was asked about Web Authentication in WordPress. The new-ish Web Authentication API is something I wanted to look in but didn't get around to so far. I said "I don't know" and googling it later, I found that there's apparently nothing for WebAuthn in WP yet.
So I thought "Time to take a look!" and started reading MDN for Web Authentication (developer.mozilla.org/en-US/docs/Web…). It's a solid description of the browser API and the process, but it left me with open questions. I wrote those down.
Soon I noticed that there's a bunch of concepts that MDN touches on, but doesn't explain - like how the server validates the credentials. So I started digging into the spec draft - w3c.github.io/webauthn/#sctn…
1.) Look at intro & examples
2.) Look for specific info on the gaps I had.
1.) Look at intro & examples
2.) Look for specific info on the gaps I had.
I won't lie: This can be confusing and may feel like an uphill battle. That's why I usually start writing my first implementation - even if there are libraries, I want to understand how it's done first. You just learned the building blocks, now start to assemble.
Be warned, though - what you'll build will be throwaway code and building the first implementation with a new thing usually won't go smoothly.
Plot twist: That's what you want. It won't go smooth because of knowledge gaps that are hard to spot otherwise. Find the gaps, fill 'em!
Plot twist: That's what you want. It won't go smooth because of knowledge gaps that are hard to spot otherwise. Find the gaps, fill 'em!
In my concrete case, I built a very naive, limited and rough prototype to see if I understand the flow. It had a server-side and a client-side and worked only for the use case I cared about. This was good - I can now be relatively sure that I understand the basics of the process.
To get there, I had read plenty of articles, other people's implementations (notably github.com/herrjemand/FID… was amazing!). Don't be afraid to learn from others or even ask someone you know to help you! We're all in this together🤗
Anyway. That was only one part of the journey - we wanted to make this a WordPress plugin. So I started figuring out how make one. WP has a guide for this at codex.wordpress.org/Writing_a_Plug… and that turned out to be a good starting point!
Now I wrote a first version of the plugin. This took me a few days - it involed:
- thinking about how the process should look like from a user's perspective
- figuring out with actions & filters I needed to hook into
- implementing the server-side in PHP
- thinking about how the process should look like from a user's perspective
- figuring out with actions & filters I needed to hook into
- implementing the server-side in PHP
Often you find yourself dealing with lots of moving parts. In this case I write down all the bits I need to do & then gradually expand on the first unresolved part on the list until I'm done with it & proceed to the next. Clear your head from the things that you'll get to later.
And et voila: I made all the bits and pieces come together 🥳
Will I release any of this code? HELL NO.
The purpose of this was entirely to learn how it works.
There are libs (e.g. github.com/davidearl/weba…) that do all this in a much nicer, cleaner way.
For the plugin, I will contribute to github.com/georgestephani….
Anyway, happy learning!
The purpose of this was entirely to learn how it works.
There are libs (e.g. github.com/davidearl/weba…) that do all this in a much nicer, cleaner way.
For the plugin, I will contribute to github.com/georgestephani….
Anyway, happy learning!
@threadreaderapp unroll
