feat: session v2 passkey authentication (#5952)
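--- a/proto/zitadel/session/v2alpha/challenge.proto
+++ b/proto/zitadel/session/v2alpha/challenge.proto
@@ -0,0 +1,26 @@
+syntax = "proto3";
+
+package zitadel.session.v2alpha;
+
+import "google/protobuf/struct.proto";
+import "protoc-gen-openapiv2/options/annotations.proto";
+
+option go_package = "github.com/zitadel/zitadel/pkg/grpc/session/v2alpha;session";
+
+enum ChallengeKind {
+CHALLENGE_KIND_UNSPECIFIED = 0;
+CHALLENGE_KIND_PASSKEY = 1;
+}
+
+message Challenges {
+message Passkey {
+google.protobuf.Struct public_key_credential_request_options = 1 [
+(grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {
+description: "Options for Assertion Generaration (dictionary PublicKeyCredentialRequestOptions). Generated helper methods transform the field to JSON, for use in a WebauthN client. See also: https://www.w3.org/TR/webauthn/#dictdef-publickeycredentialrequestoptions"
+example: "{\"publicKey\":{\"allowCredentials\":[{\"id\":\"ATmqBg-99qyOZk2zloPdJQyS2R7IkFT7v9Hoos_B_nM\",\"type\":\"public-key\"}],\"challenge\":\"GAOHYz2jE69kJMYo6Laij8yWw9-dKKgbViNhfuy0StA\",\"rpId\":\"localhost\",\"timeout\":300000,\"userVerification\":\"required\"}}"
+}
+];
+}
+
+optional Passkey passkey = 1;
+}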
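Review bot: `public_key_credential_request_options` is an untyped `google.protobuf.Struct`, and neither `ChallengeKind`, `Challenges` nor `Passkey` carries a leading `//` comment, so the contract a client relies on lives only in the OpenAPI description string. I would add a comment above the field such as `// Server-generated WebAuthn request options; hand to the passkey client unchanged.` and state there whether a challenge is single-use and how long it stays valid, which the visible lines do not say. The description also has typos that end up in the generated docs: `Generaration` should read `Generation` and `WebauthN` should read `WebAuthn`.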
@@ -2,7 +2,6 @@ syntax = "proto3";
|
||||
|
||||
package zitadel.session.v2alpha;
|
||||
|
||||
import "google/api/field_behavior.proto";
|
||||
import "google/protobuf/timestamp.proto";
|
||||
import "protoc-gen-openapiv2/options/annotations.proto";
|
||||
import "validate/validate.proto";
|
||||
@@ -45,6 +44,7 @@ message Session {
|
||||
message Factors {
|
||||
UserFactor user = 1;
|
||||
PasswordFactor password = 2;
|
||||
PasskeyFactor passkey = 3;
|
||||
}
|
||||
|
||||
message UserFactor {
|
||||
@@ -78,6 +78,14 @@ message PasswordFactor {
|
||||
];
|
||||
}
|
||||
|
||||
message PasskeyFactor {
|
||||
google.protobuf.Timestamp verified_at = 1 [
|
||||
(grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {
|
||||
description: "\"time when the passkey challenge was last checked\"";
|
||||
}
|
||||
];
|
||||
}
|
||||
|
||||
message SearchQuery {
|
||||
oneof query {
|
||||
option (validate.required) = true;
|
||||
|
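Review bot: `PasskeyFactor` records only `verified_at`, so a consumer reading the session cannot tell from the factor whether the assertion included user verification or only user presence. The request-options example added in this commit asks for `userVerification: required`; if the server always enforces that, the field description should say so, otherwise a separate field for it would keep callers from assuming it. The message also has no leading `//` comment, and its description is wrapped in an extra pair of escaped quotes (`\"time when …\"`), which appears to follow the neighbouring fields and will presumably show up literally in the generated OpenAPI text. `Session` and `Factors` begin outside the hunks, so this is based on the visible lines only.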
@@ -5,9 +5,11 @@ package zitadel.session.v2alpha;
|
||||
|
||||
import "zitadel/object/v2alpha/object.proto";
|
||||
import "zitadel/protoc_gen_zitadel/v2/options.proto";
|
||||
import "zitadel/session/v2alpha/challenge.proto";
|
||||
import "zitadel/session/v2alpha/session.proto";
|
||||
import "google/api/annotations.proto";
|
||||
import "google/api/field_behavior.proto";
|
||||
import "google/protobuf/struct.proto";
|
||||
import "protoc-gen-openapiv2/options/annotations.proto";
|
||||
import "validate/validate.proto";
|
||||
|
||||
@@ -242,6 +244,7 @@ message CreateSessionRequest{
|
||||
description: "\"custom key value list to be stored on the session\"";
|
||||
}
|
||||
];
|
||||
repeated ChallengeKind challenges = 3;
|
||||
}
|
||||
|
||||
message CreateSessionResponse{
|
||||
@@ -257,6 +260,7 @@ message CreateSessionResponse{
|
||||
description: "\"token of the session, which is required for further updates of the session or the request other resources\"";
|
||||
}
|
||||
];
|
||||
Challenges challenges = 4;
|
||||
}
|
||||
|
||||
message SetSessionRequest{
|
||||
@@ -287,6 +291,7 @@ message SetSessionRequest{
|
||||
description: "\"custom key value list to be stored on the session\"";
|
||||
}
|
||||
];
|
||||
repeated ChallengeKind challenges = 5;
|
||||
}
|
||||
|
||||
message SetSessionResponse{
|
||||
@@ -296,6 +301,7 @@ message SetSessionResponse{
|
||||
description: "\"token of the session, which is required for further updates of the session or the request other resources\"";
|
||||
}
|
||||
];
|
||||
Challenges challenges = 3;
|
||||
}
|
||||
|
||||
message DeleteSessionRequest{
|
||||
@@ -330,6 +336,11 @@ message Checks {
|
||||
description: "\"Checks the password and updates the session on success. Requires that the user is already checked, either in the previous or the same request.\"";
|
||||
}
|
||||
];
|
||||
optional CheckPasskey passkey = 3 [
|
||||
(grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {
|
||||
description: "\"Checks the public key credential issued by the passkey client. Requires that the user is already checked and a passkey challenge to be requested, in any previous request.\"";
|
||||
}
|
||||
];
|
||||
}
|
||||
|
||||
message CheckUser {
|
||||
@@ -363,3 +374,15 @@ message CheckPassword {
|
||||
}
|
||||
];
|
||||
}
|
||||
|
||||
message CheckPasskey {
|
||||
google.protobuf.Struct credential_assertion_data = 1 [
|
||||
(validate.rules).message.required = true,
|
||||
(google.api.field_behavior) = REQUIRED,
|
||||
(grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {
|
||||
description: "JSON representation of public key credential issued by the passkey client";
|
||||
min_length: 55;
|
||||
max_length: 1048576; //1 MB
|
||||
}
|
||||
];
|
||||
}
|
||||
|
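Review bot: In `CheckPasskey`, `min_length: 55` and `max_length: 1048576` sit inside the `openapiv2_field` annotation, so they only describe the generated OpenAPI schema; the one rule that is actually validated is `(validate.rules).message.required = true`. `credential_assertion_data` is client-supplied and typed as `google.protobuf.Struct`, which nests recursively, so its size and depth should be bounded on the server (a transport message-size limit or an explicit check in the handler, neither visible here) before it is turned into JSON and passed to WebAuthn verification. I would add a comment such as `// Length bounds below are OpenAPI documentation only; size is enforced server-side.` once that check exists. The `repeated ChallengeKind challenges` fields added to `CreateSessionRequest` and `SetSessionRequest` could likewise carry `(validate.rules).repeated = {unique: true, items: {enum: {defined_only: true, not_in: [0]}}}` so that unknown or unspecified kinds are rejected at validation time.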