Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

fix: add MFA for WebAuthn bindings #960

Open
wants to merge 23 commits into
base: master
Choose a base branch
from
Open

fix: add MFA for WebAuthn bindings #960

wants to merge 23 commits into from
+1,170 −53

Conversation

J0
Copy link
Contributor

@J0 J0 commented Sep 19, 2024
edited
Loading

What kind of change does this PR introduce?

We introduce bindings for MFA (WebAuthn) which consists of the following:

  1. enroll()
    a. Single Step - enroll({factorType: 'webauthn'})
    b. Multi-Step - enroll(factorType: 'webauthn, webAuthn{...})
  2. challenge() -
  3. verify()
    a. Single Step - verify({factorType: 'webauthn'})
    b. Multi-Step - verify({factorType: 'webauthn', webAuthn{..}})

We also expose a few helper methods:

  • identifyAuthenticationError
  • browserSupportsWebAuthn

J0
J0 commented Sep 19, 2024
View reviewed changes
src/lib/types.ts Outdated Show resolved Hide resolved
J0
J0 commented Oct 2, 2024
View reviewed changes
src/GoTrueClient.ts Outdated Show resolved Hide resolved
J0
J0 commented Oct 2, 2024
View reviewed changes
src/lib/types.ts
credential_request_options: { publicKey: PublicKeyCredentialRequestOptionsJSON }
}
error: null
}
| { data: null; error: AuthError }

export type AuthMFAListFactorsResponse =
Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Decide whether to include aaguid to image / authenticator type mapping for user: https://github.com/passkeydeveloper/passkey-authenticator-aaguids

or to include it in documentation

J0
J0 commented Oct 2, 2024
View reviewed changes
src/lib/types.ts

/** Timestamp in UNIX seconds when this challenge will no longer be usable. */
expires_at: number
credential_creation_options: { publicKey: PublicKeyCredentialCreationOptionsJSON }
Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Try to see if it's possible to merge this into a single type again

J0
J0 commented Oct 2, 2024
View reviewed changes
src/lib/helpers.ts
*
* Helper method to compliment `bufferToBase64URLString`
*/
export function base64URLStringToBuffer(base64URLString: string): ArrayBuffer {
Copy link
Contributor Author

@J0 J0 Oct 2, 2024
edited
Loading

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Can switch to base64URL-js as well. This is taken from simplewebauthn, I think they should be similar functionally

@J0 J0 marked this pull request as ready for review October 2, 2024 14:18
J0
J0 commented Oct 3, 2024
View reviewed changes
src/lib/types.ts
cause: Error
name?: string
}) {
// @ts-ignore: help Rollup understand that `cause` is okay to set
Copy link
Contributor Author

@J0 J0 Oct 3, 2024
edited
Loading

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

The build fails because of this ts-ignore comment in this helper function, which is ported over from simple-webauthn. Removing this and the related function for identifying the type of navigator error will allow the build to compile.

Still figuring out how to resolve this so we can keep the function.

J0
J0 commented Oct 3, 2024
View reviewed changes
src/lib/types.ts
* The two types of credentials as defined by bit 3 ("Backup Eligibility") in authenticator data:
* - `"singleDevice"` credentials will never be backed up
* - `"multiDevice"` credentials can be backed up
*/
Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Types are ported from Simple-WebAuthn will add a comment to acknowledge.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers
No reviews
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
1 participant
@J0