Skip to content

feat: Add support for WebAuthn in MFA [v0.50.0] #906

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
merged 18 commits into from
Aug 15, 2025
Merged

feat: Add support for WebAuthn in MFA [v0.50.0] #906

merged 18 commits into from
Aug 15, 2025

Conversation

bcbogdan
Copy link
Contributor

@bcbogdan bcbogdan commented Jul 29, 2025
edited
Loading

Summary of change

This PR adds WebAuthn/Passkey support as a multi-factor authentication (MFA) factor.
The feature also involves a change in the web-js to include the account linking parameter in the api requests: supertokens/supertokens-web-js#134

The implementation adds the following screens in the MFA flow UI:

Secondary factor selection

image

Sign In

image

Sign Up Confirmation

image

There's also a sign up screen that's similar to the original one from webauthn. This should be visible when no email has been extracted from the MFA claim during the initial load phase. Although I'm not sure if this is a scenario that can actually happen.

Test Plan

I checked the new changes manually.
I'll add new test cases after I fix the sign up bug.

Documentation changes

  • Add a separate guide/page that shows how to use webauthn as a second factor. Check what promptless generates
  • Update the SDK references

Checklist for important updates

  • Changelog has been updated
  • frontendDriverInterfaceSupported.json file has been updated (if needed)
  • Changes to the version if needed
    • In package.json
    • In package-lock.json
    • In lib/ts/version.ts
  • Had run npm run build-pretty
  • Had installed and ran the pre-commit hook
  • Issue this PR against the latest non released version branch.
    • To know which one it is, run find the latest released tag (git tag) in the format vX.Y.Z, and then find the latest branch (git branch --all) whose X.Y is greater than the latest released tag.
    • If no such branch exists, then create one from the latest released branch.
  • If added a new recipe interface, then make sure that the implementation of it uses NON arrow functions only (like someFunc: function () {..}).
  • If I added a new recipe, I also added the recipe entry point into the size-limit section of package.json with the size limit set to the current size rounded up.
  • If I added a new recipe, I also added the recipe entry point into the rollup.config.mjs
  • If I added a new login method, I modified the list in lib/ts/types.ts
  • If I added a factor id, I modified the list in lib/ts/recipe/multifactorauth/types.ts

Remaining TODOs for this PR

  • Add tests
  • Fix access token error thrown by the node SDK during sign up

@bcbogdan bcbogdan force-pushed the feat/webauthn-mfa branch from 5519620 to f737808 Compare July 29, 2025 08:54
@github-actions GitHub Actions
Copy link
Contributor

github-actions bot commented Jul 29, 2025
edited
Loading

size-limit report 📦

Path Size
lib/build/index.js 26.68 KB (0%)
recipe/session/index.js 27.37 KB (0%)
recipe/session/prebuiltui.js 32.24 KB (0%)
recipe/thirdparty/index.js 34.44 KB (0%)
recipe/emailpassword/index.js 13.85 KB (0%)
recipe/emailverification/index.js 10.16 KB (0%)
recipe/passwordless/index.js 17.73 KB (0%)
recipe/emailverification/prebuiltui.js 36.96 KB (0%)
recipe/thirdparty/prebuiltui.js 56.57 KB (0%)
recipe/emailpassword/prebuiltui.js 43.51 KB (0%)
recipe/passwordless/prebuiltui.js 131.36 KB (0%)
recipe/multitenancy/index.js 8.98 KB (0%)
recipe/multifactorauth/index.js 13.77 KB (0%)
recipe/multifactorauth/prebuiltui.js 35.92 KB (+0.07% 🔺)
recipe/oauth2provider/index.js 9.75 KB (0%)
recipe/oauth2provider/prebuiltui.js 34.33 KB (0%)
recipe/webauthn/index.js 16.63 KB (+30.33% 🔺)
recipe/webauthn/prebuiltui.js 68.74 KB (+13.48% 🔺)

@bcbogdan bcbogdan force-pushed the feat/webauthn-mfa branch 2 times, most recently from e9f662e to b83a40f Compare July 29, 2025 09:38
@bcbogdan bcbogdan requested a review from porcellus July 29, 2025 09:44
porcellus
porcellus requested changes Jul 30, 2025
View reviewed changes
@coolbueb coolbueb changed the base branch from master to 0.50 August 3, 2025 11:06
@coolbueb coolbueb changed the title feat: Add support for webauthn in MFA feat: Add support for WebAuthn in MFA [v0.50.0] Aug 3, 2025
bcbogdan added 2 commits August 4, 2025 14:09
@bcbogdan
feat: Add support for webauthn in MFA
7cf150d 
Update build

Add paths

Add component

Add sign in

Add forms
@bcbogdan
chore: Code review fixes
9ecb812
@bcbogdan bcbogdan force-pushed the feat/webauthn-mfa branch 7 times, most recently from 05df905 to 2d2214c Compare August 4, 2025 18:11
graphite-app[bot]
graphite-app bot reviewed Aug 4, 2025
View reviewed changes
@niftyvictor
feat: renamed registerCredential to createCredential and added `r…
32159eb 
…egisterCredentialWithUser` method for user-specific credential registration
@niftyvictor
fix: added missing exports
a374016
@bcbogdan bcbogdan force-pushed the feat/webauthn-mfa branch from 2d2214c to dc5b114 Compare August 5, 2025 12:11
@bcbogdan bcbogdan force-pushed the feat/webauthn-mfa branch from dc5b114 to 5b6fe29 Compare August 6, 2025 06:11
@bcbogdan bcbogdan requested a review from porcellus August 6, 2025 06:15
@bcbogdan bcbogdan force-pushed the feat/webauthn-mfa branch 4 times, most recently from b741420 to f5b65d0 Compare August 8, 2025 15:50
@bcbogdan bcbogdan force-pushed the feat/webauthn-mfa branch from f5b65d0 to 526962a Compare August 8, 2025 16:02
@bcbogdan bcbogdan force-pushed the feat/webauthn-mfa branch from ccb440e to 145308b Compare August 8, 2025 16:47
@bcbogdan bcbogdan force-pushed the feat/webauthn-mfa branch 5 times, most recently from 205869f to a1cc79b Compare August 11, 2025 12:22
@porcellus porcellus merged commit fbce71d into 0.50 Aug 15, 2025
208 of 209 checks passed
@porcellus porcellus deleted the feat/webauthn-mfa branch August 15, 2025 00:45
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@graphite-app graphite-app[bot] graphite-app[bot] left review comments

@porcellus porcellus porcellus approved these changes

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
3 participants
@bcbogdan @porcellus @niftyvictor