Skip to content

Commit

Permalink
fix: don't treat passkeys as AAL2 (#3853)
Browse files Browse the repository at this point in the history
  • Loading branch information
@hperl
hperl committed Mar 26, 2024
1 parent b7fd23b commit 8eee972
Show file tree
Hide file tree
Showing 3 changed files with 4 additions and 3 deletions.
1 change: 1 addition & 0 deletions selfservice/strategy/passkey/passkey_registration_test.go
View file
Original file line number Diff line number Diff line change
Expand Up @@ -297,6 +297,7 @@ func TestRegistration(t *testing.T) {

i, _, err := fix.reg.PrivilegedIdentityPool().FindByCredentialsIdentifier(fix.ctx, identity.CredentialsTypePasskey, userID)
require.NoError(t, err)
assert.Equal(t, "aal1", i.AvailableAAL.String)
assert.Equal(t, email, gjson.GetBytes(i.Traits, "username").String(), "%s", actual)
})
}
Expand Down
2 changes: 1 addition & 1 deletion selfservice/strategy/passkey/passkey_strategy.go
View file
Original file line number Diff line number Diff line change
Expand Up @@ -96,7 +96,7 @@ func (s *Strategy) CompletedAuthenticationMethod(context.Context, session.Authen
}

func (s *Strategy) CountActiveMultiFactorCredentials(cc map[identity.CredentialsType]identity.Credentials) (count int, err error) {
return s.countCredentials(cc)
return 0, nil
}

func (s *Strategy) CountActiveFirstFactorCredentials(cc map[identity.CredentialsType]identity.Credentials) (count int, err error) {
Expand Down
4 changes: 2 additions & 2 deletions test/e2e/profiles/passkey/.kratos.yml
View file
Original file line number Diff line number Diff line change
Expand Up @@ -3,7 +3,7 @@ selfservice:
settings:
ui_url: http://localhost:4455/settings
privileged_session_max_age: 5m
required_aal: aal1
required_aal: highest_available

logout:
after:
Expand Down Expand Up @@ -52,4 +52,4 @@ identity:

session:
whoami:
required_aal: aal1
required_aal: highest_available

0 comments on commit 8eee972

Please sign in to comment.