login submit passkey credential

apps/login/app/api/session/route.ts

@@ -1,11 +1,10 @@
-import { server, deleteSession, getSession, setSession } from "#/lib/zitadel";
+import { server, deleteSession } from "#/lib/zitadel";
 import {
   SessionCookie,
   getMostRecentSessionCookie,
   getSessionCookieById,
   getSessionCookieByLoginName,
   removeSessionFromCookie,
-  updateSessionCookie,
 } from "#/utils/cookies";
 import {
   createSessionAndUpdateCookie,
@@ -38,7 +37,7 @@ export async function PUT(request: NextRequest) {
   const body = await request.json();
 
   if (body) {
-    const { loginName, password, challenges } = body;
+    const { loginName, password, challenges, passkey } = body;
 
     const recentPromise: Promise<SessionCookie> = loginName
       ? getSessionCookieByLoginName(loginName).catch((error) => {
@@ -57,6 +56,7 @@ export async function PUT(request: NextRequest) {
           recent.token,
           recent.loginName,
           password,
+          passkey,
           domain,
           challenges
         ).then((session) => {

apps/login/lib/zitadel.ts

@@ -116,6 +116,7 @@ export async function setSession(
   sessionToken: string,
   domain: string | undefined,
   password: string | undefined,
+  passkey: { credentialAssertionData: any } | undefined,
   challenges: ChallengeKind[] | undefined
 ): Promise<SetSessionResponse | undefined> {
   const sessionService = session.getSession(server);
@@ -125,7 +126,7 @@ export async function setSession(
     ? sessionService.setSession(
         {
           ...payload,
-          checks: { password: { password } },
+          checks: { password: { password }, passkey },
         },
         {}
       )

apps/login/ui/LoginPasskey.tsx

@@ -63,23 +63,16 @@ export default function LoginPasskey({ loginName, challenge }: Props) {
     return res.json();
   }
 
-  async function submitLogin(
-    passkeyId: string,
-    passkeyName: string,
-    publicKeyCredential: any,
-    sessionId: string
-  ) {
+  async function submitLogin(data: any) {
     setLoading(true);
-    const res = await fetch("/api/passkeys/verify", {
+    const res = await fetch("/api/session", {
       method: "POST",
       headers: {
         "Content-Type": "application/json",
       },
       body: JSON.stringify({
-        passkeyId,
-        passkeyName,
-        publicKeyCredential,
-        sessionId,
+        loginName,
+        passkey: data,
       }),
     });
 
@@ -95,6 +88,19 @@ export default function LoginPasskey({ loginName, challenge }: Props) {
 
   async function submitLoginAndContinue(): Promise<boolean | void> {
     console.log("login", publicKey);
+    if (publicKey) {
+      console.log(publicKey);
+      (publicKey as any).challenge = coerceToArrayBuffer(
+        (publicKey as any).challenge,
+        "publicKey.challenge"
+      );
+      (publicKey as any).allowCredentials.map((listItem: any) => {
+        listItem.id = coerceToArrayBuffer(
+          listItem.id,
+          "publicKey.allowCredentials.id"
+        );
+      });
+      console.log(publicKey);
       navigator.credentials
         .get({
           publicKey,
@@ -127,7 +133,7 @@ export default function LoginPasskey({ loginName, challenge }: Props) {
               },
             });
             console.log(data);
-          // return submitLogin(passkeyId, "", data, sessionId);
+            return submitLogin(data);
           } else {
             setLoading(false);
             setError("An error on retrieving passkey");
@@ -141,6 +147,7 @@ export default function LoginPasskey({ loginName, challenge }: Props) {
           return null;
         });
     }
+  }
 
   return (
     <div className="w-full">

apps/login/utils/session.ts

@@ -5,7 +5,7 @@ import {
   addSessionToCookie,
   updateSessionCookie,
 } from "./cookies";
-import { ChallengeKind, Session } from "@zitadel/server";
+import { ChallengeKind, Session, Challenges } from "@zitadel/server";
 
 export async function createSessionAndUpdateCookie(
   loginName: string,
@@ -51,20 +51,24 @@ export async function createSessionAndUpdateCookie(
   }
 }
 
+export type SessionWithChallenges = Session & { challenges: Challenges[] };
+
 export async function setSessionAndUpdateCookie(
   sessionId: string,
   sessionToken: string,
   loginName: string,
   password: string | undefined,
+  passkey: { credentialAssertionData: any } | undefined,
   domain: string | undefined,
   challenges: ChallengeKind[] | undefined
-): Promise<Session> {
+): Promise<SessionWithChallenges> {
   return setSession(
     server,
     sessionId,
     sessionToken,
     domain,
     password,
+    passkey,
     challenges
   ).then((updatedSession) => {
     if (updatedSession) {

packages/zitadel-server/src/index.ts

@@ -16,6 +16,7 @@ export { LoginSettings } from "./proto/server/zitadel/settings/v2alpha/login_set
 
 export {
   ChallengeKind,
+  Challenges,
   Challenges_Passkey,
 } from "./proto/server/zitadel/session/v2alpha/challenge";