I think I got it figured out 🙂 If you want to test it, you can swap your voidauth version to :edge from :latest. I wouldn’t recommend keeping it that way (‘edge’ is for testing the latest stuff), but if you get a chance to set it up let me know how it goes

Actually, you know what? I am going to take another crack at it 😅 Tracking progress here: https://github.com/voidauth/voidauth/issues/115

Unfortunately I have not been able to get that to work 😞 I did look into it, but there is quite a lot of redirecting going on during the OIDC flows and it was a real pain to try to get it all sorted. For now you will have to use a subdomain, like https://voidauth.example.com/

Pretty much as answered already, passkeys (sometimes branded like FaceID or Windows Hello but it is an open spec) are an alternative to passwords. Your public key that identifies your user is stored in VoidAuth and your private key is stored on your device. Some password managers support syncing passkeys, so you don’t have to set up a new passkey on every device.

The advantage over passwords is that they are domain and device specific, so are much harder to be leaked from the client side. VoidAuth (or other services) should only be storing your public key so a leak on the server side would not allow someone to log in as you.