
Smooth Authentication Flow on a HoloLens 2 app


I'm trying to implement a smooth authentication flow for a HoloLens 2 app in a no-internet environment. The following setup is currently running:

  • I'm hosting an identity server (Ory Kratos) with OAuth2 possibilities that holds user information.
  • I'm hosting a resource API that only logged-in users should be able to access.

The user should be able to access their resources within the HL app. Possibilities to solve this are:

  1. Redirecting the user to a 2D page like in this article. But typing a long password in an Augmented Reality app is hard.
  2. Using a second device (smartphone/laptop) like in this blog. But requiring another device is suboptimal.

Both approaches are fine, but they both lack a smooth user experience. My idea was to utilize the Windows Accounts that are already on the HL device. Microsoft Docs has a small section on how to take advantage of linked identities on HoloLens, see here. But it doesn't really explain how to "link" them to a custom identity server.

So I was wondering, is it possible to use these Windows Accounts that are already on the HL device and somehow link them to my identity server?

Or does anybody have a better idea to provide a smooth authentication flow in Augmented Reality? I'm open to ideas.


Solution

  • Windows Hello may meet your requirement. It works with the Azure Active Directory account or Microsoft Account connected in Windows settings, and it replaces passwords with strong 2FA by verifying your biometrics. Besides, in the Windows Hello architecture you no longer need to host your Ory Kratos OAuth2 server.