FIDO2 passkey integration with traefik

This may have already been considered, but I would love to see traefik enhance the authentication to include passkeys from FIDO2. I would like to specify authorized users for a particular app, have traefik handle the details, and then just allow authorized users on to the final app.

This would be another type of middleware that would only be used if needed and once the rules were fulfilled.

This should be possible with 3rd party auth providers (authelia, authentik, …) using Traefik ForwardAuth middleware (doc).

I agree that traefik's architecture is well-suited for solutions from third parties, but does anyone have any concrete examples, or documented plans/roadmaps for support of passkeys from existing providers?

If this is a feature request, then you can put it on Traefik Github. But I highly doubt that the team will pick it up, Traefik‘s focus is on proxying, not on managing auth methods.

Traefik is open source, so you can (pay someone else to) implement the feature and do a pull request to get it merged.

Alternatively you can look into setting up authelia with 2FA (doc) and then look into how to integrate authelia with Traefik (doc). Internet search might help.