Proposal /webauthn/otp-credentials route

[gaizkaeu]

Hello.

I'm implementing Rodauth for my latest project, first of all, let me tell all the contributors that it works incredibly well. I haven't had any troubleshooting to make it work.

MY ENV
Rails API ONLY
React + RTK QUERY (Typescript)
Rodauth json_only mode

OTP + WEBAUTHN SETUP

As the JSON-only feature is enabled, I can't do any GET requests, which is okay, however, I've had some problems while setting up otp and webauth in the frontend. Not for anything else that I've to do failed request to /otp-setup /webauthn-setup in order to get the setup keys.

Doing this, I've trouble handling these specific errors, as errors aren't mapped to any specific ts object.

Proposal

Simply create some (POST) /otp-credentials and /webauthn-credentials routes when rodauth is in JSON/JWT mode.

---

I know it might be possible to do these routes myself, as the internal_requests api exposes a otp_setup_params (requires account)method, and there might be something similar for webauthn.

However, I belive that this is a route that many developers might need and useful to implement in the gem.

Thank you!
Happy new year btw ;)

[jeremyevans]

The expected flow in JSON mode is to call /otp-setup and /webauth-setup the first time, have it fail and return the parameters, then submit a second request which uses the parameters and succeeds. I don't want to implement JSON-specific routes unless it is required for things to work, and I don't think it is required in this case. With your proposal, you would still need to make two requests, one to get the parameters and one to submit them. The only difference is the first request to get the parameters would not fail. However, I don't think the benefit of that is worth the maintenance cost.

[gaizkaeu]

Hello Jeremy.

I completely understand your point of view. Thank you for your reply!