feat(passkey): passkey provider, passkey login and WebAuthn MFA (extension)#279
Open
brkfun wants to merge 1 commit into
Open
feat(passkey): passkey provider, passkey login and WebAuthn MFA (extension)#279brkfun wants to merge 1 commit into
brkfun wants to merge 1 commit into
Conversation
…nsion) Browser-extension implementation of three coordinated passkey features (see the passbolt_api and passbolt_styleguide counterparts). Passkey / WebAuthn support is a long-standing community request. - Passkey provider (Passbolt as a WebAuthn authenticator for third-party sites): a MAIN-world page script overriding navigator.credentials.create()/get() and coexisting with the platform authenticator (delegates back on decline/cancel), a WebCrypto FIDO2 software authenticator (ES256) signing assertions from vault-stored passkeys, a quickaccess-style in-page ceremony (theme-aware side panel, with a window fallback when a site CSP blocks the frame), and inline autofill on conditional mediation. - Passkey login (passwordless): enrol/sign-in controllers + events and the split passphrase kit (client half in IndexedDB per profile, server half released by the API after a valid assertion) plus a local PIN service. - Passkey MFA: WebAuthn setup/verify wiring for the MFA provider. Includes 66 Jest tests; passes eslint (src --max-warnings 0).
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
This pull request is a (multiple allowed):
Checklist
What you did
Browser-extension implementation of the three passkey features above.
Passkey provider (Passbolt as a WebAuthn authenticator for third-party sites):
navigator.credentials.create()/get(), coexisting with theplatform authenticator (delegates back on decline / cancel, Dashlane-style).
fallback when a site CSP blocks the extension frame; searchable resource picker; passphrase / PIN
unlock.
login field, racing the native autofill; whichever the user picks wins.
Passkey login (passwordless): controllers + events to enrol / sign-in, the split passphrase kit
(client half in IndexedDB per profile, server half from the API after a valid assertion) and a local
PIN service.
Passkey MFA: WebAuthn setup / verify wiring for the MFA provider.
User stories
navigator.credentials.create, when the user confirms in thePassbolt ceremony, then a passkey is stored in the vault and returned to the site.
offers that passkey inline; when the site narrows the request by username, then only the
matching passkey is offered.
then the passphrase is recovered from the kit and GPGAuth completes — without typing it.
Tests
7 new Jest suites (66 tests) — the fido2 get controller (allowCredentials filtering), the passkey
enrol / login controllers, the passkey + fido2 event handlers, the PIN service and the passkey API
client.
eslint src --max-warnings 0clean.