feat: WebAuthN Sign In, Sign Up and Options methods support - NEW #952
base: feat/webauthn/base
| { status: "GENERATED_OPTIONS_ID_MISSING_ERROR" } | ||
>; | ||
|
||
verifyCredentials(input: { |
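Review bot: verifyCredentials(input: { is declared here with no doc comment, and the return type just above it ends in GENERATED_OPTIONS_ID_MISSING_ERROR, which suggests generated options are looked up by id. Please document on each method that takes such an id whether a successful call consumes the stored options, so a reader can tell from the interface that the same generated options cannot be verified against twice.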
This function has an identical func signature to registerPasskeys. Are both this and the other function needed?
Yes. One logs in the user, the other adds a credential to the database.
That's too high level of an explanation. What will be the exact diff between the implementation of them? It's not like the signIn will create a session - so it doesn't "log in" the user.
|
}): Promise< | ||
{ status: "OK"; user: User; recipeUserId: RecipeUserId } | { status: "RECOVER_ACCOUNT_TOKEN_INVALID_ERROR" } | ||
>; | ||
}; |
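Review bot: the only failure branch in this return type is RECOVER_ACCOUNT_TOKEN_INVALID_ERROR, so a caller cannot tell an expired token from an unknown or already-used one. That may be intended, but the interface should say so in a comment and state whether the token is invalidated once the OK result is returned.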
need more functions to have CRUD operation on credential IDs? How will a
@victorbojica, you missed this comment?
@@ -154,6 +154,7 @@ export type GetPhoneNumbersForFactorsFromOtherRecipesFunc = ( | |||
|
|||
export const FactorIds = { | |||
EMAILPASSWORD: "emailpassword", | |||
WEBAUTHN: "webauthn", |
This will also result in changes to the existing loginMethodsGET API in the multitenancy recipe.
done
email: string; | ||
} | ||
| { | ||
session: SessionContainerInterface; |
When is only a session needed? And how will we get the email from the session? What if the currently logging in user has no email, or what if the currently logged in user has multiple emails (cause they are a primary user with multiple emails)?
If there is no email, it will throw. I've added the error. As for when there are multiple emails, I was thinking of only using the email from the webauthn login method. Basically allowing register passkey to be used if the user is logged in with webauthn. If there is no session, they should pass one of the other options...
What do you think?
} | ||
| { status: "EMAIL_ALREADY_EXISTS_ERROR" } | ||
// when the attestation is checked and is not valid or other cases in whcih the authenticator is not correct | ||
| { status: "INVALID_AUTHENTICATOR_ERROR" } |
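Review bot: the comment above INVALID_AUTHENTICATOR_ERROR folds a failed attestation check and "other cases" into a single status, which leaves the caller nothing to log or act on. Consider adding a reason field to this branch (intended for server-side logging rather than display to the end user), or separate statuses per cause. The comment also has a typo: "whcih" should be "which".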
Is there nothing else we need to tell the user when this error happens? Like why was the authenticator invalid?
userId: string; | ||
} | ||
| { status: "WRONG_CREDENTIALS_ERROR" } | ||
| { status: "RECOVER_ACCOUNT_TOKEN_INVALID_ERROR" } |
Shouldn't this also have INVALID_AUTHENTICATOR_ERROR as an output?
recipeUserId: RecipeUserId; | ||
} | ||
| { status: "EMAIL_ALREADY_EXISTS_ERROR" } | ||
| { status: "WRONG_CREDENTIALS_ERROR" } |
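Review bot: EMAIL_ALREADY_EXISTS_ERROR and WRONG_CREDENTIALS_ERROR are returned as distinct statuses here, so the result reveals whether the email is already registered. If the API layer passes this status through to an unauthenticated caller, that is an account-enumeration signal; please note in a doc comment which of these statuses the API is expected to collapse into a generic response.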
Need INVALID_AUTHENTICATOR_ERROR here?
ONLY REVIEW REQUIRED. NOTHING TESTED YET.
Summary of change
Implement WebAuthN support according to:
https://docs.google.com/document/d/1G7tO9_dSNi8wur3ajGg4pq-wiHatKDbHv2sBt-uSbQg/edit#heading=h.olee876uqu8a
Related
Check #942 for more feedback
Test Plan
No testing at the moment.
Documentation changes
Will have to add WebAuthN recipe documentation
Remaining TODOs for this PR