Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

feat(webauthn): Add user verification to webauthn challenges #47253

Merged
merged 1 commit into from
Aug 15, 2024

Conversation

nickvergessen
Copy link
Member

Replacement PR for #44442

Require user verification if all tokens are registered
with UV flag, else discourage it

Signed-off-by: S1m <git@sgougeon.fr>
Signed-off-by: Richard Steinmetz <richard@steinmetz.cloud>
@nickvergessen
Copy link
Member Author

/backport! to stable30

@nickvergessen nickvergessen merged commit 601b3b1 into master Aug 15, 2024
171 checks passed
@nickvergessen nickvergessen deleted the feat/webauthn-uv branch August 15, 2024 09:50
@skjnldsv skjnldsv added this to the Nextcloud 31 milestone Aug 16, 2024
@MrRinkana
Copy link

MrRinkana commented Nov 2, 2024

Am I understanding this PR correctly?:

  • This implements automatic detection of UV support for webauth devices:
    • If device supports UV at registration, UV is set to required
    • If device does not support UV, it is set to discouraged
  • It uses exclusively non-resident keys, residential are not supported yet.

How is the behaviour with multiple keys, what if a user adds one device supporting UV and one not?

This pr fixes: #41599
This pr closes (notplanned): #36530

Relevant/remaining topics around webauth:
Residential keys: #41191 (supersmooth loginflow)
Skip 2fa if UV is used: #21215
Configuration options for server admins/user if it makes sense

@Be-ing
Copy link

Be-ing commented Nov 2, 2024

Configuration options for server admins/user if it makes sense

Yes, administrators should have the option to require authenticators to support UV.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

Successfully merging this pull request may close these issues.

5 participants