Passkey Auth for .NET using Stellar

Smooth sign in using Passkeys, with integrated robust, secure, and fast account handling using Stellar.

Usernameless and Passwordless Registration and Signin

This is a WebAuthn flow that stores credentials without the need for a username or password on the server.

The user is prompted to sign up using an authenticator. If the operating system supports ECDSA secp256r1, the OS may be the authenticator; otherwise a mobile phone or security key can be used as a roaming authenticator.

When you press "Register User" you will be prompted to create a passkey for this server. This passkey is personal to you. Because there is no password to remember and no username to ask for, there is little or no opportunity for phishing attacks. Further, there is no password to steal from the server, and no personally identifying information need even be provided, if so desired. For this reason, passkeys are now mandatory for some scenarios, such as internal healthcare and finance application login, and are growing as a consumer login choice for the public web.

While registering the user and creating a passkey, a public key is created according to the WebAuthn protocol, and that key is used to register a fresh "smart" account on the Stellar network. A Stellar account is a way of offloading your authentication, authorisation and account management onto highly secure external infrastructure, as an alternative to, say, cloud auth providers, and it has built-in account transaction processing functionality.

When you press "Sign In", your passkey is used to sign a server-generated challenge, and the signed challenge is passed to the Stellar smart account. The smart account authenticates and authorises on the basis of your sign-in and, in this simple use case, updates a global sign-in logbook. It illustrates how, with a simple process of signing up and signing in and with your own custom logic for your Stellar smart account, you can securely implement almost any account-related functionality, share it across apps within your organisation or even with business partners, and offload it onto extremely robust, reliable and secure external infrastructure.
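What checking a passkey-signed challenge involves, written out in plain .NET as an added example (not this project's source, and not the Stellar smart account's code). It assumes .NET 6 or later; `RpId`, `Origin`, `Verify`, `Str` and `B64Url` are hypothetical names, and the key, challenge and response are constructed locally so the program runs offline.

```csharp
using System;
using System.Linq;
using System.Security.Cryptography;
using System.Text;
using System.Text.Json;

const string RpId = "example.test", Origin = "https://example.test";  // constructed demo values

// Constructed stand-ins for the passkey, the server challenge and the browser's response.
using var key = ECDsa.Create(ECCurve.NamedCurves.nistP256);
byte[] challenge = RandomNumberGenerator.GetBytes(32);
byte[] clientData = JsonSerializer.SerializeToUtf8Bytes(
    new { type = "webauthn.get", challenge = B64Url(challenge), origin = Origin });
byte[] authData = SHA256.HashData(Encoding.UTF8.GetBytes(RpId))   // rpIdHash
    .Concat(new byte[] { 0x05, 0, 0, 0, 1 }).ToArray();           // flags UP|UV, signCount 1
byte[] sig = key.SignData(authData.Concat(SHA256.HashData(clientData)).ToArray(),
    HashAlgorithmName.SHA256, DSASignatureFormat.Rfc3279DerSequence);

Console.WriteLine($"issued challenge: {Verify(key, challenge, authData, clientData, sig)}");
byte[] other = RandomNumberGenerator.GetBytes(32);   // a challenge the response was not made for
Console.WriteLine($"other challenge:  {Verify(key, other, authData, clientData, sig)}");

string B64Url(byte[] b) =>
    Convert.ToBase64String(b).TrimEnd('=').Replace('+', '-').Replace('/', '_');
string? Str(JsonElement e, string name) => e.ValueKind == JsonValueKind.Object
    && e.TryGetProperty(name, out var v) && v.ValueKind == JsonValueKind.String ? v.GetString() : null;

// Hypothetical helper: relying-party checks on one sign-in assertion.
bool Verify(ECDsa pub, byte[] issued, byte[] ad, byte[] cdj, byte[] derSig)
{
    JsonDocument doc;
    try { doc = JsonDocument.Parse(cdj); } catch (JsonException) { return false; }
    using (doc)
    {
        var c = doc.RootElement;
        if (Str(c, "type") != "webauthn.get" || Str(c, "origin") != Origin) return false;
        // The challenge must be the one this server issued for this sign-in.
        if (!CryptographicOperations.FixedTimeEquals(Encoding.ASCII.GetBytes(Str(c, "challenge") ?? ""),
                Encoding.ASCII.GetBytes(B64Url(issued)))) return false;
    }
    // authenticatorData = rpIdHash(32) | flags(1) | signCount(4); require user presence (0x01).
    if (ad.Length < 37 || (ad[32] & 0x01) == 0) return false;
    if (!ad.Take(32).SequenceEqual(SHA256.HashData(Encoding.UTF8.GetBytes(RpId)))) return false;
    // Signed message is authenticatorData || SHA-256(clientDataJSON). WebAuthn ES256 signatures
    // are ASN.1 DER, while .NET's VerifyData defaults to IEEE P1363 (r||s), so name the format.
    return pub.VerifyData(ad.Concat(SHA256.HashData(cdj)).ToArray(), derSig,
        HashAlgorithmName.SHA256, DSASignatureFormat.Rfc3279DerSequence);
}
```

A production verifier would also compare the signature counter against the stored value and discard each challenge after one use.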

A full explanation of the source is in the DEV.TO link in the header.
