About

Let's Ident is zero-knowledge, serverless, headless passkey authentication. Powered by the open source Gratos project, it stores only public key material. User identity lives in your application; we handle the complexity of WebAuthn credential storage and session management.

Let's Ident is inspired by Let's Encrypt, but for authentication. It is not affiliated with the ISRG in any way. The goal is simple, make it really easy to add a one click authentication experience to any website. This includes static websites.

Sessions are becoming increasingly more important because of automated scraping. However right now sessions are a pain to implement, because they are heavy weight and generally require users to disclose their name, email, and likely more information.

We leverage WebAuthn and passkeys to provide the most secure and frictionless experience available today. Built around Public Key Infrastructure (PKI), passkeys allow you to create secure sessions without requiring users to disclose sensitive personal information. It's not just the most secure option, it's also the easiest to use, letting you get straight to building your core product.

Usage

Let's Ident is designed for modern web development. We ship a lightweight Preact component (with more coming soon) that can be easily integrated into any web application, whether you're using React, Preact, or even plain HTML. This component handles the entire passkey ceremony and session management on your behalf. Specific instructions for how to install and integrate the component into your project are available once you sign up.

FAQ

What is zero knowledge identity (ZKI)?

ZKI is when you have a stable authentication method, but you do not know who the user is. You just know you have the same returning user. This works by leveraging the public key infrastructure (PKI) of webauthn. Let's Ident manages the passkey ceremonies and provides sessions on your own domain.

How can I identify my user if I do not have their email?

You will eventually get your users' information, however it will happen when the user wants to give it, not when you force them to hand it to you. For example, if they want to buy your service, they will go through a checkout process and disclose their information then. You keep this data in your database. Let's Ident is just serving you a stable UUID that you can use on your side.

What is progressive disclosure?

Progressive disclosure is the principle that users shouldn't be forced to share their data until it's absolutely necessary. With Let's Ident, you can authenticate users and create accounts instantly. You only request sensitive information (like name or email) when there's a clear reason to provide it. This data lives where it belongs: in your database, not ours.

Aren’t passkeys meant for second-factor authentication?

Passkeys are popularly used as a second factor authentication method, however they do not need to be. In fact, if you have a passkey enabled with Google, it will now use it as a first factor. Let's Ident shifts passkeys to be first factor by default.

Do you ship as a component?

Yes, we believe authentication should be as easy as dropping a component into your page. We currenty ship a Preact component that is highly compatible with most modern web environments, providing a "headless" experience where you maintain full control over your site's look and feel.

How do you make money?

Our service is free to use. Our software is free and open source and available on GitHub. It is licensed under the AGPLv3. You are free to run this service yourself, as long as any modifications are submitted back to us per the AGPLv3. If you would like an alternative license, we are happy to sell you one.