I have been checking out OPAQUE for sometime. But I couldn't find any reliable javascript implementation that I can use in my webapp. Do you know of any such implementations.
There are two scenarios in your "webapp". In both scenarios your connection a client should be secured with TLS (HTTPS)
1. Humans, should be authenticated with WebAuthn. This means now they can't get phished (a major threat today), their credentials can't be stolen (even from you, you only have a worthless public key and an arbitrary identifier), their privacy is protected as best possible, and most likely their platform is also looking out for them (e.g. on an iPhone the fingerprint sensor so their kid sister can't even authenticate to your webapp from their phone)
2. Machines should be authenticated with either public key encryption (mutually authenticated TLS) if you're up to it or random revokable tokens issued by your service for that purpose to a human end user.
PAKEs are most valuable when you do not have a secure connection, but a webapp should have a secure connection over HTTPS already.
1. Humans, should be authenticated with WebAuthn. This means now they can't get phished (a major threat today), their credentials can't be stolen (even from you, you only have a worthless public key and an arbitrary identifier), their privacy is protected as best possible, and most likely their platform is also looking out for them (e.g. on an iPhone the fingerprint sensor so their kid sister can't even authenticate to your webapp from their phone)
2. Machines should be authenticated with either public key encryption (mutually authenticated TLS) if you're up to it or random revokable tokens issued by your service for that purpose to a human end user.
PAKEs are most valuable when you do not have a secure connection, but a webapp should have a secure connection over HTTPS already.