silverstripe / silverstripe-webauthn-authenticator

A Web Authentication (WebAuthn) authenticator for silverstripe/silverstripe-mfa
BSD 3-Clause "New" or "Revised" License

Update this module to support multiple registered devices #57

Open ScopeyNZ opened 5 years ago

ScopeyNZ commented 5 years ago

With #11 the ability to store multiple devices on this method has been added - however there's no UI for it. Currently the flow when you set up the method is still completely relevant, as you will always start with some keys.

My recommendation is that we introduce a new UI to replace the reset action when managing a WebAuthn method. The new UI will list existing devices you have registered and provide the ability to add new or remove existing methods.

In terms of API - we currently support registering multiple keys through the API if you remove this line: https://github.com/silverstripe/silverstripe-webauthn-authenticator/blob/master/src/RegisterHandler.php#L154

After this is done we can potentially look at allowing "single-platform" authenticators again.

(cc @silverstripeux if there's some ideas for "device management" UIs)

brynwhyman commented 4 years ago

We're talking to Yubico for #15 and they have "highly recommended" this feature.

If this was implemented, also introducing the ability to rename or add a note to each registered key would be nice, i.e. "Work" and "Home/back-up".

ScopeyNZ commented 4 years ago

I'm happy to help contribute to this feature, but I have no idea how this should look from a UX perspective. It needs a new screen.

brynwhyman commented 4 years ago

Maybe this is a good opportunity to flex those UX design muscles of yours @ScopeyNZ!

ScopeyNZ commented 4 years ago

Haha. Maybe...

Currently, when reviewing your MFA settings it gives you a section that says "Security key: registered" and it gives you the option to reset, remove, or set as default.

I'm thinking that we remove the reset and remove options, and replace them with an "update" option or something. Then we can have some variation of this screen to show you your existing registered devices - allowing you to remove existing ones and add new ones:

https://projects.invisionapp.com/share/3PNSKZQYBJZ#/screens/333728361

And then maybe we should give an option after registering a key to return to this new screen, so you can do multiple in one go. This would tie into the "on first login" flow too.

Cheddam commented 4 years ago

Just a tiny extra note on this from discussion with Yubico - part of the testing effort on this implementation should cover ensuring that a single key can't be registered in multiple instances against the same user.
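The thread asks for two things on the server side: a per-user list of registered keys that can be added to, removed from and labelled (the UI discussed above), and the test case from the last comment, that one physical key cannot end up registered twice against the same user. The following is an added, stand-alone Python model of that logic, written for this page; it is not code from silverstripe-webauthn-authenticator (which is PHP) and uses no module API. The class and method names (`WebAuthnMethodStore`, `register`, `remove`, `rename`) and the constructed credential IDs are assumptions for illustration. It shows the two layers of the duplicate check: `excludeCredentials` in the creation options, which a conforming authenticator honours by refusing to create a second credential for a key it already holds, and a server-side uniqueness check on the credential ID, which a tampered client cannot skip.

```python
from __future__ import annotations

import base64
from dataclasses import dataclass


def b64url(data: bytes) -> str:
    """Base64url without padding, the encoding WebAuthn JSON options use."""
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()


@dataclass
class RegisteredKey:
    credential_id: bytes   # rawId returned by the authenticator at registration
    public_key: bytes      # COSE public key from the attestation (opaque here)
    sign_count: int        # last seen signature counter, for clone detection
    name: str              # user label, e.g. "Work" or "Home/back-up"


class DuplicateKey(Exception):
    """Raised when a credential ID is already registered (any user)."""


class WebAuthnMethodStore:
    """Assumed per-user store of registered security keys (illustrative)."""

    def __init__(self) -> None:
        self._keys: dict[str, list[RegisteredKey]] = {}

    def keys_for(self, user: str) -> list[RegisteredKey]:
        return list(self._keys.get(user, []))

    def creation_options(self, user: str, rp_id: str, challenge: bytes) -> dict:
        """Build PublicKeyCredentialCreationOptions for adding another key.

        excludeCredentials lists every credential the user already has, so a
        conforming authenticator answers with InvalidStateError instead of
        creating a second credential for the same physical key.
        """
        return {
            "rp": {"id": rp_id},
            "challenge": b64url(challenge),
            "excludeCredentials": [
                {"type": "public-key", "id": b64url(k.credential_id)}
                for k in self.keys_for(user)
            ],
        }

    def _find(self, user: str, credential_id: bytes) -> RegisteredKey | None:
        for k in self._keys.get(user, []):
            if k.credential_id == credential_id:
                return k
        return None

    def register(self, user: str, credential_id: bytes, public_key: bytes,
                 sign_count: int, name: str) -> RegisteredKey:
        """Append a verified credential; reject one already on file.

        The check runs over all users, not just this one: the client-side
        exclusion list is advisory, and a credential ID is globally unique, so
        seeing it twice means a replayed or tampered registration.
        """
        for owner, keys in self._keys.items():
            if any(k.credential_id == credential_id for k in keys):
                raise DuplicateKey(f"credential already registered to {owner!r}")
        key = RegisteredKey(credential_id, public_key, sign_count, name)
        self._keys.setdefault(user, []).append(key)
        return key

    def remove(self, user: str, credential_id: bytes) -> bool:
        """Drop one of the user's keys; False if it was not theirs."""
        key = self._find(user, credential_id)
        if key is None:
            return False
        self._keys[user].remove(key)
        return True

    def rename(self, user: str, credential_id: bytes, name: str) -> bool:
        """Relabel one of the user's keys; False if it was not theirs."""
        key = self._find(user, credential_id)
        if key is None:
            return False
        key.name = name
        return True


if __name__ == "__main__":
    # Constructed sample data, not real credentials.
    store = WebAuthnMethodStore()
    store.register("alice", b"\x01" * 16, b"cose-key-1", 0, "Work")
    store.register("alice", b"\x02" * 16, b"cose-key-2", 0, "Home/back-up")
    print(store.creation_options("alice", "example.com", b"c" * 32))
    try:
        store.register("alice", b"\x01" * 16, b"cose-key-1", 0, "Work again")
    except DuplicateKey as e:
        print("rejected:", e)
```

`remove` and `rename` look the key up under the acting user only, so a user can never touch another account's credentials even if the UI sends a foreign credential ID. The test the last comment asks for is the second `register` call with a credential ID already on file: it must raise rather than silently add a second row.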