feat: WebAuthN Sign In, Sign Up and Options methods support - NEW #952
Conversation
victorbojica
changed the title
| | { status: "GENERATED_OPTIONS_ID_MISSING_ERROR" } | ||
| >; | ||
|
|
||
| verifyCredentials(input: { |
There was a problem hiding this comment.
this function has identical func signature as registerPasskeys. Are both, this and the other function needed?
There was a problem hiding this comment.
yes. one logs in the user, the other adds a credential to the database
There was a problem hiding this comment.
Thats too high level of an explanation.. what will be the exact diff between the implementation of them? Its not like the signIn will create a session - so it doesn't "log in" the user.
Deploying supertokens-node-pr-check-for-edge-function-compat with
|
| Latest commit: |
ced57b1
|
| Status: | ✅ Deploy successful! |
| Preview URL: | https://ad4fff7f.supertokens-node-b95.pages.dev |
| }): Promise< | ||
| { status: "OK"; user: User; recipeUserId: RecipeUserId } | { status: "RECOVER_ACCOUNT_TOKEN_INVALID_ERROR" } | ||
| >; | ||
| }; |
There was a problem hiding this comment.
need more functions to have CRUD operation on credential IDs? How will a
There was a problem hiding this comment.
@victorbojica, you missed this comment?
| @@ -154,6 +154,7 @@ export type GetPhoneNumbersForFactorsFromOtherRecipesFunc = ( | |||
|
|
|||
| export const FactorIds = { | |||
| EMAILPASSWORD: "emailpassword", | |||
| WEBAUTHN: "webauthn", | |||
There was a problem hiding this comment.
this will also result in changes to the existing loginMethodsGET API in multitenancy recipe.
| email: string; | ||
| } | ||
| | { | ||
| session: SessionContainerInterface; |
There was a problem hiding this comment.
when is only a session needed? And how will we get the email from the session? What if the currently logging in user has no email, or what if the currently logged in user has multiple emails (cause they are a primary user with multiple emails)
There was a problem hiding this comment.
If there is no email, it will throw. I've added the error. As for when there are multiple emails i was thinking of only using the email from the webauthn login method. Basically allowing register passkey to be used if the user is logged in with webauthn. If there is no session, they should pass one of the other options...
What do you think ?
| } | ||
| | { status: "EMAIL_ALREADY_EXISTS_ERROR" } | ||
| // when the attestation is checked and is not valid or other cases in whcih the authenticator is not correct | ||
| | { status: "INVALID_AUTHENTICATOR_ERROR" } |
There was a problem hiding this comment.
is there nothing else we need to tell the user when this error happens? Like why was the authenticator invalid?
| userId: string; | ||
| } | ||
| | { status: "WRONG_CREDENTIALS_ERROR" } | ||
| | { status: "RECOVER_ACCOUNT_TOKEN_INVALID_ERROR" } |
There was a problem hiding this comment.
shouldnt this also have INVALID_AUTHENTICATOR_ERROR as an output?
| | { status: "GENERATED_OPTIONS_ID_MISSING_ERROR" } | ||
| >; | ||
|
|
||
| verifyCredentials(input: { |
There was a problem hiding this comment.
Thats too high level of an explanation.. what will be the exact diff between the implementation of them? Its not like the signIn will create a session - so it doesn't "log in" the user.
| recipeUserId: RecipeUserId; | ||
| } | ||
| | { status: "EMAIL_ALREADY_EXISTS_ERROR" } | ||
| | { status: "WRONG_CREDENTIALS_ERROR" } |
There was a problem hiding this comment.
need INVALID_AUTHENTICATOR_ERROR here?
| }): Promise< | ||
| { status: "OK"; user: User; recipeUserId: RecipeUserId } | { status: "RECOVER_ACCOUNT_TOKEN_INVALID_ERROR" } | ||
| >; | ||
| }; |
There was a problem hiding this comment.
@victorbojica, you missed this comment?
ONLY REVIEW REQUIRED. NOTHING TESTED YET.
Summary of change
Implement WebAuthN support according to:
https://docs.google.com/document/d/1G7tO9_dSNi8wur3ajGg4pq-wiHatKDbHv2sBt-uSbQg/edit#heading=h.olee876uqu8a
Related
Check #942 for more feedback
Test Plan
No testing at the moment.
Documentation changes
Will have to add WebAuthN recipe documentation
Checklist for important updates
coreDriverInterfaceSupported.jsonfile has been updated (if needed)lib/ts/version.tsfrontendDriverInterfaceSupported.jsonfile has been updated (if needed)package.jsonpackage-lock.jsonlib/ts/version.tsnpm run build-prettyrecipe/thirdparty/providers/configUtils.tsfile,createProviderfunction.git tag) in the formatvX.Y.Z, and then find the latest branch (git branch --all) whoseX.Yis greater than the latest released tag.add-ts-no-check.jsfile to include thatsomeFunc: function () {..}).exportsinpackage.jsonRemaining TODOs for this PR