passkeys set

2025-12-13 21:40:45 +00:00 · 2024-09-17 13:28:12 +02:00
parent c1a487c233
commit f03a50fdcb
2 changed files with 44 additions and 29 deletions
--- a/apps/login/readme.md
+++ b/apps/login/readme.md
@@ -83,6 +83,8 @@ If no previous condition is met we throw an error stating the user was not found
 > NOTE: We ignore `loginSettings.allowExternalIdp` as the information whether IDPs are available comes as response from `getActiveIdentityProviders(org?)`. If a user has a cookie for the same loginname, a new session is created regardless and overwrites the old session. The old session is not deleted from the login as for now.
 > NOTE: `listAuthenticationMethodTypes()` does not consider different domains for u2f methods or passkeys. The check whether a user should be redirected to one of the pages `/passkey` or `/u2f`, should be extended to use a domain filter (https://github.com/zitadel/zitadel/issues/8615)
 ### /password
 This page shows a password field to hydrate the current session with password as a factor.
@@ -107,6 +109,8 @@ If the user has set up an additional **single** second factor, it is redirected
 If none of the previous conditions apply, we continue to sign in.
 > NOTE: `listAuthenticationMethodTypes()` does not consider different domains for u2f methods or passkeys. The check whether a user should be redirected to one of the pages `/passkey` or `/u2f`, should be extended to use a domain filter (https://github.com/zitadel/zitadel/issues/8615)
 ### /otp/[method]
 This page shows a code field to check an otp method. The session of the user is then hydrated with the respective factor. Supported methods are `time-based`, `sms` and `email`.
@@ -154,6 +158,8 @@ Requests to the APIs made:
 When updating the session for the webAuthN challenge, we set `userVerificationRequirement` to `UserVerificationRequirement.REQUIRED` as this will request the webAuthN method as primary method to login.
 After updating the session, the user is signed in.
 > NOTE: This page currently does not check whether a user contains passkeys. If this method is not available, this page should not be used.
 ### /mfa/set
 This page loads login Settings and the authentication methods for a user and shows setup options.
@@ -175,6 +181,8 @@ At the moment, U2F methods are hidden if a method is already added on the users
 > NOTE: The session and therefore the user factor defines which login settings are checked for available options.
 > NOTE: `listAuthenticationMethodTypes()` does not consider different domains for u2f or passkeys. The check whether a user should be redirected to one of the pages `/passkey/set` or `/u2f/set`, should be extended to use a domain filter (https://github.com/zitadel/zitadel/issues/8615)
 ### /passkey/set
 <img src="./screenshots/passkeyset.png" alt="/passkey/set" width="400px" />
@@ -188,6 +196,11 @@ Requests to the APIs made:
 - `registerPasskeyLink()`
 - `verifyPasskey()`
 If the loginname decides to redirect the user to this page, a button to skip appears which will sign the user in afterwards.
 If a passkey is registered, we redirect the user to `/passkey` to again verify it and sign in with the new method.
 > NOTE: Redirecting the user to `/passkey` will not be required in future and the currently used session will be hydrated directly after registering. (https://github.com/zitadel/zitadel/issues/8611)
 ### /otp/[method]/set
 ### /u2f/set
--- a/apps/login/src/ui/RegisterPasskey.tsx
+++ b/apps/login/src/ui/RegisterPasskey.tsx
@@ -148,12 +148,39 @@ export default function RegisterPasskey({
    if (authRequestId) {
      params.set("authRequestId", authRequestId);
      params.set("sessionId", sessionId);
      // params.set("altPassword", ${false}); // without setting altPassword this does not allow password
      // params.set("loginName", resp.loginName);
      router.push("/passkey?" + params);
    } else {
-      router.push("/accounts?" + params);
+      continueAndLogin();
    }
  }
  function continueAndLogin() {
    if (authRequestId) {
      const params = new URLSearchParams({
        authRequest: authRequestId,
      });
      if (sessionId) {
        params.set("sessionId", sessionId);
      }
      if (organization) {
        params.set("organization", organization);
      }
      router.push("/login?" + params);
    } else {
      const params = new URLSearchParams();
      if (sessionId) {
        params.append("sessionId", sessionId);
      }
      if (organization) {
        params.append("organization", organization);
      }
      router.push("/signedin?" + params);
    }
  }
@@ -171,32 +198,7 @@ export default function RegisterPasskey({
            type="button"
            variant={ButtonVariants.Secondary}
            onClick={() => {
-              if (authRequestId) {
+              continueAndLogin();
                const params = new URLSearchParams({
                  authRequest: authRequestId,
                });
                if (sessionId) {
                  params.set("sessionId", sessionId);
                }
                if (organization) {
                  params.set("organization", organization);
                }
                router.push("/login?" + params);
              } else {
                const params = new URLSearchParams();
                if (sessionId) {
                  params.append("sessionId", sessionId);
                }
                if (organization) {
                  params.append("organization", organization);
                }
                router.push("/signedin?" + params);
              }
            }}
          >
            skip