chore(passport): Passkeys userHandle generation redo #2708

betimshahini · 2023-10-05T10:56:56Z

Changes passkey identity to be based on a custom userId generated on the server-side, as opposed to the existing method of taking the authenticator credentialId and using that for identifying the account on our system.
Adds userId to the challenge, so it can be verified on the server-side during registration.
Adds credentialId to the verification process of the passkey authentication, so the credentialId that was provided by authenticator at registration is the same as the one that's providing the assertion now.

Old passkey registrations no longer work
Registration of new passkey results in a userId of the format wa_(42 character random hex string) in Passport Settings.
Same account & identity is resolved when logging on with the newly-generated passkey subsequently

betimshahini added 2 commits September 22, 2023 17:04

wip

d805ea3

Working implementation

bee8f3e

betimshahini marked this pull request as ready for review October 5, 2023 11:54

betimshahini changed the title ~~chore(passport):~~ chore(passport): Passkeys userHandle generation redo Oct 5, 2023

betimshahini requested review from Cosmin-Parvulescu and szkl October 5, 2023 11:57

szkl approved these changes Oct 5, 2023

View reviewed changes

betimshahini merged commit f43d794 into main Oct 6, 2023
14 checks passed

betimshahini deleted the chore/2695-passkey-encoding-validation branch October 6, 2023 06:32

Provide feedback