[#674] Refactor account auth types #675
Open
Conversation
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
… from profile, username from account into identifiers
… phone and username for BC
…thn unverified by default
18 tasks
* add app-env.json and update port * Update app-env.json * Update app-env.json * update detect-secrets, update secrets baseline * update secrets baseline * update makefile versioning * Update Makefile Fix typo * print version * upgrade go to v1.20 * fix secrets * initial webauthn implementation (in progress) * refactor webauthn to handle credentials, update docs * avoid creating inaccessible accounts * fix webauthn registration issues, add webauthn test page * fix webauthn login flow * update changelog * [#659] WebAuthn authentication (#7) * initial webauthn implementation (in progress) * refactor webauthn to handle credentials, update docs * avoid creating inaccessible accounts * fix webauthn registration issues, add webauthn test page * fix webauthn login flow * update changelog * fix error handling * fix login issues for mobile * upgrade dependencies * [#659] webauthn authentication (#8) * initial webauthn implementation (in progress) * refactor webauthn to handle credentials, update docs * avoid creating inaccessible accounts * fix webauthn registration issues, add webauthn test page * fix webauthn login flow * update changelog * fix error handling * fix login issues for mobile * upgrade dependencies * add webauthn to account check types * add configs for authenticator selection to supported auth type params (#10) * upgrade dependencies * [#665] Decouple authentication and verification mechanisms (#13) * add configs for authenticator selection to supported auth type params * start adding verification types (contains errors) [#665] * continue splitting auth and verification types [#665] * finish implementing password auth type, start code verification type, add phone verifier interface [#665] * finish refactoring identifier, auth types, start updating apis [#665] * finish fixing errors [#665] * fix passkey errors [#665] * bug fixes, email with passkey not working because no params in email auth type * update identifier impl and auth impl getters to better handle backwards compatibility (has errors) * bug fixes, email and passkey not completing registration * add json omitempty tags to credential structs * better identifier type parsing * passkeys using email and username identifiers working * start fixing phone, passkey auth * bug fixes for phone and passkey, better error messages * simplify phone verifier interface * phone auth type link working, add authCommunicationChannel interface to handle verification functions * add ability to link webauthn credentials to accounts * only set username if empty * Change messages handling for verification * remove commented blocks * cleanup * return verified auth types when cannot find account with username but not identifier * bug fixes * fix phone auth type docs --------- Co-authored-by: Stephen Hurwit <sjhurwit@gmail.com> Co-authored-by: akshadpai <akshadpai01@gmail.com> * add missing verify email env var to app-env.json * Auth-verify split fixes (#16) * bug fixes * update secrets baseline * fix issues introduced by nullable device IDs * fix username format * update secrets baseline * fix sign up bug * disable request docs validation * fix startup error for caching auth type * fix pkce generation * fix random string interface * set user agent for oidc requests * revert auth type changes * revert core models, go mod, auth interface impl, remove phone verifier interface * revert web package webauthn additions, update API docs * fix storage files * revert auth.go --------- Co-authored-by: Stephen Hurwit <sjhurwit@gmail.com> Co-authored-by: Stephen Hurwit <10472810+shurwit@users.noreply.github.com> Co-authored-by: akshadpai <akshadpai01@gmail.com>
roberlander2
changed the base branch from
659-webauthn-authentication
to
develop
roberlander2
changed the base branch from
develop
to
659-webauthn-authentication
…email on account migration
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Description
This PR refactors account auth types into account identifiers and account auth types. This allows a user to sign in with any combination of identifier and auth type on the account. It also allows users to link and unlink identifiers and auth types independently, unless dealing with external auth types and identifiers (e.g., OIDC).
Resolves #674
Review Time Estimate
Please give your idea of how soon this pull request needs to be reviewed by selecting one of the options below. This can be based on the criticality of the issue at hand and/or other relevant factors.
Type of changes
Please select a relevant option:
Checklist:
Please select all applicable options: