Overview
PATAPIM supports WebAuthn/PassKey authentication for remote access sessions using @simplewebauthn/server v13+.
How It Works
- Register a PassKey (Touch ID, Windows Hello, hardware key) via the remote access UI
- Credentials stored at ~/.patapim/passkeys.json
- Add the PassKey to the trusted list at ~/.patapim/trusted-passkeys.json
- Authenticate remote sessions with biometrics
Security
- Challenge expiry: 5 minutes
- Only trusted PassKeys can authenticate (whitelist-based)
- JWT tokens are validated against the PassKey trust status
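
The three checks in this list, sketched as an added example (not PATAPIM's own code): a challenge store with the 5-minute expiry, a trusted-list gate before verification, and a per-request token check so a token stops working once its PassKey is no longer in the trusted set. All class, function and claim names are hypothetical, and single-use challenges are an assumption the page does not state.

```javascript
// Added example; every name here is hypothetical, not PATAPIM's own code.
const CHALLENGE_TTL_MS = 5 * 60 * 1000; // the 5-minute expiry listed above

class ChallengeStore {
  constructor(now = Date.now) {
    this.now = now;           // injectable clock so expiry can be tested
    this.pending = new Map(); // sessionId -> { challenge, expiresAt }
  }
  // Record the challenge sent to the browser for this session.
  issue(sessionId, challenge) {
    this.pending.set(sessionId, { challenge, expiresAt: this.now() + CHALLENGE_TTL_MS });
  }
  // Return the challenge once. The entry is deleted even when expired, so a
  // captured response cannot be replayed (single use is an assumption here).
  consume(sessionId) {
    const entry = this.pending.get(sessionId);
    this.pending.delete(sessionId);
    if (!entry || this.now() >= entry.expiresAt) return null;
    return entry.challenge;
  }
}

// Gate run before signature verification: fail closed on an unknown
// credential or a missing/expired challenge.
function preVerify(store, trustedIds, sessionId, credentialId) {
  const expectedChallenge = store.consume(sessionId);
  if (!trustedIds.has(credentialId)) return { ok: false, reason: 'untrusted' };
  if (expectedChallenge === null) return { ok: false, reason: 'challenge' };
  // The caller would now hand expectedChallenge to its WebAuthn verifier.
  return { ok: true, expectedChallenge };
}

// Run on every request. `claims` is a JWT payload whose signature was already
// verified; `credentialId` as a claim name is an assumption.
function authorizeToken(claims, trustedIds, nowMs = Date.now()) {
  if (typeof claims.exp !== 'number' || nowMs >= claims.exp * 1000) return 'expired';
  if (!trustedIds.has(claims.credentialId)) return 'untrusted';
  return 'ok';
}
```

Consuming the challenge before the trust check means a rejected attempt still burns its challenge, so each login attempt needs a fresh one.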
Supported Methods
- Touch ID (macOS)
- Windows Hello (Windows)
- Hardware security keys (YubiKey, etc.)