mirror of
https://github.com/zitadel/zitadel.git
synced 2025-12-11 20:52:43 +00:00
passkeys set
This commit is contained in:
peintnermax
@@ -83,6 +83,8 @@ If no previous condition is met we throw an error stating the user was not found
|
||||
|
||||
> NOTE: We ignore `loginSettings.allowExternalIdp` as the information whether IDPs are available comes as response from `getActiveIdentityProviders(org?)`. If a user has a cookie for the same loginname, a new session is created regardless and overwrites the old session. The old session is not deleted from the login as for now.
|
||||
|
||||
> NOTE: `listAuthenticationMethodTypes()` does not consider different domains for u2f methods or passkeys. The check whether a user should be redirected to one of the pages `/passkey` or `/u2f`, should be extended to use a domain filter (https://github.com/zitadel/zitadel/issues/8615)
|
||||
|
||||
### /password
|
||||
|
||||
This page shows a password field to hydrate the current session with password as a factor.
|
||||
@@ -107,6 +109,8 @@ If the user has set up an additional **single** second factor, it is redirected
|
||||
|
||||
If none of the previous conditions apply, we continue to sign in.
|
||||
|
||||
> NOTE: `listAuthenticationMethodTypes()` does not consider different domains for u2f methods or passkeys. The check whether a user should be redirected to one of the pages `/passkey` or `/u2f`, should be extended to use a domain filter (https://github.com/zitadel/zitadel/issues/8615)
|
||||
|
||||
### /otp/[method]
|
||||
|
||||
This page shows a code field to check an otp method. The session of the user is then hydrated with the respective factor. Supported methods are `time-based`, `sms` and `email`.
|
||||
@@ -154,6 +158,8 @@ Requests to the APIs made:
|
||||
When updating the session for the webAuthN challenge, we set `userVerificationRequirement` to `UserVerificationRequirement.REQUIRED` as this will request the webAuthN method as primary method to login.
|
||||
After updating the session, the user is signed in.
|
||||
|
||||
> NOTE: This page currently does not check whether a user contains passkeys. If this method is not available, this page should not be used.
|
||||
|
||||
### /mfa/set
|
||||
|
||||
This page loads login Settings and the authentication methods for a user and shows setup options.
|
||||
@@ -175,6 +181,8 @@ At the moment, U2F methods are hidden if a method is already added on the users
|
||||
|
||||
> NOTE: The session and therefore the user factor defines which login settings are checked for available options.
|
||||
|
||||
> NOTE: `listAuthenticationMethodTypes()` does not consider different domains for u2f or passkeys. The check whether a user should be redirected to one of the pages `/passkey/set` or `/u2f/set`, should be extended to use a domain filter (https://github.com/zitadel/zitadel/issues/8615)
|
||||
|
||||
### /passkey/set
|
||||
|
||||
<img src="./screenshots/passkeyset.png" alt="/passkey/set" width="400px" />
|
||||
@@ -188,6 +196,11 @@ Requests to the APIs made:
|
||||
- `registerPasskeyLink()`
|
||||
- `verifyPasskey()`
|
||||
|
||||
If the loginname decides to redirect the user to this page, a button to skip appears which will sign the user in afterwards.
|
||||
If a passkey is registered, we redirect the user to `/passkey` to again verify it and sign in with the new method.
|
||||
|
||||
> NOTE: Redirecting the user to `/passkey` will not be required in future and the currently used session will be hydrated directly after registering. (https://github.com/zitadel/zitadel/issues/8611)
|
||||
|
||||
### /otp/[method]/set
|
||||
|
||||
### /u2f/set
|
||||
|
||||
@@ -148,12 +148,39 @@ export default function RegisterPasskey({
|
||||
if (authRequestId) {
|
||||
params.set("authRequestId", authRequestId);
|
||||
params.set("sessionId", sessionId);
|
||||
// params.set("altPassword", ${false}); // without setting altPassword this does not allow password
|
||||
// params.set("loginName", resp.loginName);
|
||||
|
||||
router.push("/passkey?" + params);
|
||||
} else {
|
||||
router.push("/accounts?" + params);
|
||||
continueAndLogin();
|
||||
}
|
||||
}
|
||||
|
||||
function continueAndLogin() {
|
||||
if (authRequestId) {
|
||||
const params = new URLSearchParams({
|
||||
authRequest: authRequestId,
|
||||
});
|
||||
|
||||
if (sessionId) {
|
||||
params.set("sessionId", sessionId);
|
||||
}
|
||||
|
||||
if (organization) {
|
||||
params.set("organization", organization);
|
||||
}
|
||||
|
||||
router.push("/login?" + params);
|
||||
} else {
|
||||
const params = new URLSearchParams();
|
||||
|
||||
if (sessionId) {
|
||||
params.append("sessionId", sessionId);
|
||||
}
|
||||
if (organization) {
|
||||
params.append("organization", organization);
|
||||
}
|
||||
|
||||
router.push("/signedin?" + params);
|
||||
}
|
||||
}
|
||||
|
||||
@@ -171,32 +198,7 @@ export default function RegisterPasskey({
|
||||
type="button"
|
||||
variant={ButtonVariants.Secondary}
|
||||
onClick={() => {
|
||||
if (authRequestId) {
|
||||
const params = new URLSearchParams({
|
||||
authRequest: authRequestId,
|
||||
});
|
||||
|
||||
if (sessionId) {
|
||||
params.set("sessionId", sessionId);
|
||||
}
|
||||
|
||||
if (organization) {
|
||||
params.set("organization", organization);
|
||||
}
|
||||
|
||||
router.push("/login?" + params);
|
||||
} else {
|
||||
const params = new URLSearchParams();
|
||||
|
||||
if (sessionId) {
|
||||
params.append("sessionId", sessionId);
|
||||
}
|
||||
if (organization) {
|
||||
params.append("organization", organization);
|
||||
}
|
||||
|
||||
router.push("/signedin?" + params);
|
||||
}
|
||||
continueAndLogin();
|
||||
}}
|
||||
>
|
||||
skip
|
||||
|
||||
Reference in New Issue
Block a user