fix: improvements for WebAuthN (#1105)

* add missing translations * add missing passwordless funcs in api * remove u2f with verification from setup in login
2025-08-11 18:07:31 +00:00 · 2020-12-15 16:44:16 +01:00
parent 7463bf4fe0
commit 71df1bcd0e
14 changed files with 150 additions and 11 deletions
--- a/pkg/grpc/auth/proto/auth.proto
+++ b/pkg/grpc/auth/proto/auth.proto
@@ -337,6 +337,15 @@ service AuthService {
    };
  }

+  rpc GetMyPasswordless(google.protobuf.Empty) returns (WebAuthNTokens) {
+    option (google.api.http) = {
+      get: "/users/me/passwordless"
+    };
+    option (caos.zitadel.utils.v1.auth_option) = {
+      permission: "authenticated"
+    };
+  }
+
  rpc AddMyPasswordless(google.protobuf.Empty) returns (WebAuthNResponse) {
    option (google.api.http) = {
      post: "/users/me/passwordless"
@@ -666,6 +675,16 @@ message MfaOtpResponse {
  MFAState state = 4;
 }

+message WebAuthNTokens {
+  repeated WebAuthNToken tokens = 1;
+}
+
+message WebAuthNToken {
+  string id = 1;
+  string name = 2;
+  MFAState state = 3;
+}
+
 message WebAuthNResponse {
  string id = 1;
  bytes public_key = 2;
--- a/pkg/grpc/management/proto/management.proto
+++ b/pkg/grpc/management/proto/management.proto
@@ -409,6 +409,26 @@ service ManagementService {
    };
  }

+  rpc GetPasswordless(UserID) returns (WebAuthNTokens) {
+    option (google.api.http) = {
+      get: "/users/{id}/passwordless"
+    };
+
+    option (caos.zitadel.utils.v1.auth_option) = {
+      permission: "user.read"
+    };
+  }
+
+  rpc RemovePasswordless(WebAuthNTokenID) returns (google.protobuf.Empty) {
+    option (google.api.http) = {
+      delete: "/users/{user_id}/passwordless"
+    };
+
+    option (caos.zitadel.utils.v1.auth_option) = {
+      permission: "user.write"
+    };
+  }
+
  // Sends an Notification (Email/SMS) with a password reset Link
  rpc SendSetPasswordNotification(SetPasswordNotificationRequest) returns (google.protobuf.Empty) {
    option (google.api.http) = {
@@ -1656,6 +1676,16 @@ message UserID {
  string id = 1 [(validate.rules).string.min_len = 1];
 }

+message WebAuthNTokens {
+  repeated WebAuthNToken tokens = 1;
+}
+
+message WebAuthNToken {
+  string id = 1;
+  string name = 2;
+  MFAState state = 3;
+}
+
 message WebAuthNTokenID {
  string user_id = 1 [(validate.rules).string.min_len = 1];
  string id = 2 [(validate.rules).string.min_len = 1];
@@ -3097,6 +3127,7 @@ enum PasswordlessType {
  PASSWORDLESSTYPE_ALLOWED = 1;
 }

+
 message IdpProviderID {
  string idp_config_id = 1 [(validate.rules).string = {min_len: 1}];
 }