feat: session v2 passkey authentication (#5952)

2025-08-11 21:17:32 +00:00 · 2023-06-07 17:28:42 +02:00
parent f7157b65f4
commit f456168a74
39 changed files with 1261 additions and 162 deletions
--- a/internal/repository/session/session.go
+++ b/internal/repository/session/session.go
@@ -5,19 +5,22 @@ import (
 	"encoding/json"
 	"time"

+	"github.com/zitadel/zitadel/internal/domain"
 	"github.com/zitadel/zitadel/internal/errors"
 	"github.com/zitadel/zitadel/internal/eventstore"
 	"github.com/zitadel/zitadel/internal/eventstore/repository"
 )

 const (
-	sessionEventPrefix  = "session."
-	AddedType           = sessionEventPrefix + "added"
-	UserCheckedType     = sessionEventPrefix + "user.checked"
-	PasswordCheckedType = sessionEventPrefix + "password.checked"
-	TokenSetType        = sessionEventPrefix + "token.set"
-	MetadataSetType     = sessionEventPrefix + "metadata.set"
-	TerminateType       = sessionEventPrefix + "terminated"
+	sessionEventPrefix    = "session."
+	AddedType             = sessionEventPrefix + "added"
+	UserCheckedType       = sessionEventPrefix + "user.checked"
+	PasswordCheckedType   = sessionEventPrefix + "password.checked"
+	PasskeyChallengedType = sessionEventPrefix + "passkey.challenged"
+	PasskeyCheckedType    = sessionEventPrefix + "passkey.checked"
+	TokenSetType          = sessionEventPrefix + "token.set"
+	MetadataSetType       = sessionEventPrefix + "metadata.set"
+	TerminateType         = sessionEventPrefix + "terminated"
 )

 type AddedEvent struct {
@@ -141,6 +144,78 @@ func PasswordCheckedEventMapper(event *repository.Event) (eventstore.Event, erro
 	return added, nil
 }

+type PasskeyChallengedEvent struct {
+	eventstore.BaseEvent `json:"-"`
+
+	Challenge          string                             `json:"challenge,omitempty"`
+	AllowedCrentialIDs [][]byte                           `json:"allowedCrentialIDs,omitempty"`
+	UserVerification   domain.UserVerificationRequirement `json:"userVerification,omitempty"`
+}
+
+func (e *PasskeyChallengedEvent) Data() interface{} {
+	return e
+}
+
+func (e *PasskeyChallengedEvent) UniqueConstraints() []*eventstore.EventUniqueConstraint {
+	return nil
+}
+
+func (e *PasskeyChallengedEvent) SetBaseEvent(base *eventstore.BaseEvent) {
+	e.BaseEvent = *base
+}
+
+func NewPasskeyChallengedEvent(
+	ctx context.Context,
+	aggregate *eventstore.Aggregate,
+	challenge string,
+	allowedCrentialIDs [][]byte,
+	userVerification domain.UserVerificationRequirement,
+) *PasskeyChallengedEvent {
+	return &PasskeyChallengedEvent{
+		BaseEvent: *eventstore.NewBaseEventForPush(
+			ctx,
+			aggregate,
+			PasskeyChallengedType,
+		),
+		Challenge:          challenge,
+		AllowedCrentialIDs: allowedCrentialIDs,
+		UserVerification:   userVerification,
+	}
+}
+
+type PasskeyCheckedEvent struct {
+	eventstore.BaseEvent `json:"-"`
+
+	CheckedAt time.Time `json:"checkedAt"`
+}
+
+func (e *PasskeyCheckedEvent) Data() interface{} {
+	return e
+}
+
+func (e *PasskeyCheckedEvent) UniqueConstraints() []*eventstore.EventUniqueConstraint {
+	return nil
+}
+
+func (e *PasskeyCheckedEvent) SetBaseEvent(base *eventstore.BaseEvent) {
+	e.BaseEvent = *base
+}
+
+func NewPasskeyCheckedEvent(
+	ctx context.Context,
+	aggregate *eventstore.Aggregate,
+	checkedAt time.Time,
+) *PasswordCheckedEvent {
+	return &PasswordCheckedEvent{
+		BaseEvent: *eventstore.NewBaseEventForPush(
+			ctx,
+			aggregate,
+			PasskeyCheckedType,
+		),
+		CheckedAt: checkedAt,
+	}
+}
+
 type TokenSetEvent struct {
 	eventstore.BaseEvent `json:"-"`