Support for Passwordless Authentication via FIDO Passkey

Background

Now that Apple, Google, and Microsoft have all announced their commitment to implement FIDO Passkey authentication, we should do the same, enabling our users to sign in without a password as long as a valid passkey is provided.

Requirements / Open Questions

  1. Ability to set up passkey authentication in GitLab
  2. Ability to revoke existing passkeys
  3. How will it work with SSO providers?
  4. What will the login flow look like? How will the login page need to change when there is no password?
  5. Scope - this should work everywhere you use a login credential
  6. How does it work with existing hardware key over SSH support?

Designs

See designs attached in this issue: UX: Designs for GitLab Passkey Support (#431051 - closed)

Helpful Resources

Edited by Hannah Sutor