New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
feat: Passkey support #13127
feat: Passkey support #13127
Conversation
This refactors the very important `authorize` function. I'm not sure if we want to keep it like this, but the authorize function itself does a lot of checks, only some relevant to `credentials`. Instead of duplicating it, I added a second parameter, `unsafe`, intended to only be used from server code like in the PasskeyProvider. When `unsafe` is used, all the checks dependent on `credentials` are not being run anymore. However, I am not sure how safe this is, or if a larger refactor is needed that properly separates checks dependent on `credentials` from all other checks.
Someone is attempting to deploy a commit to the cal Team on Vercel. A member of the Team first needs to authorize it. |
Thank you for following the naming conventions! 🙏 Feel free to join our discord and post your PR link. |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
hell yeah passkeys babyyyy
excited for this, will review
}).then((res) => res.json()), | ||
onSuccess: props.onRemoved, | ||
onError: (e: any) => { | ||
showToast(e.message || t("something_went_wrong"), "error"); |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Could also replace with
onError: (e: unknown) => {
showToast(typeof e === "object" && e != null && "message" in e && typeof e.message === "string" ? e.message : t("something_went_wrong"), "error");
to get rid of eslint warning
@@ -55,6 +55,7 @@ const tabs: VerticalTabItemProps[] = [ | |||
{ name: "password", href: "/settings/security/password" }, | |||
{ name: "impersonation", href: "/settings/security/impersonation" }, | |||
{ name: "2fa_auth", href: "/settings/security/two-factor-auth" }, | |||
{ name: "passkeys", href: "/settings/security/passkeys" }, |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
This still makes it appear above SSO. Is this position fine?
If we want it to be the last entry in the list, will have to add it below
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
positioning is fine
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Could also move this to an .svg file if preferred
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
this is fine, however, ideally you move this into calcom/components/icon
with this PR, can people also make an entire new account with passkeys? or just existing users? |
added HANKO_PASSKEYS_API_KEY and NEXT_PUBLIC_HANKO_PASSKEYS_TENANT_ID to vercel |
Hey there, there is a merge conflict, can you take a look? |
This PR is being marked as stale due to inactivity. |
This PR is being marked as stale due to inactivity. |
Moving to 4.0 based on current priorities. |
Converted to draft until the conflicts can be resolved. |
This PR is being marked as stale due to inactivity. |
Thank you for the PR 🙏 This PR touches too many core auth files and we are not feeling 100% comfortable merging something that can potentially affect all users auth negatively |
We had a call between Felix and @merlindru from the Hanko team and @keithwillcode and myself. We're expecting a new PR with a much simpler approach in the upcoming weeks. |
What does this PR do?
Fixes #13342
Fixes CAL-2984
This PR adds passkey support for logging in through Hanko Passkeys.
Type of change
How should this be tested?
set it to
HANKO_PASSKEYS_API_KEY="<api key>"
(quotes important)
NEXT_PUBLIC_HANKO_PASSKEYS_TENANT_ID=<tenant id>
Mandatory Tasks
next-auth-options.ts
Please review this file, there are substantial changes that might be unsafe. I am not sure if the file in it's current form is okay:
This PR changes the very important
authorize
function. I'm not sure if we want to keep it like this, but the authorize function itself does a lot of checks, only some relevant tocredentials
.Instead of duplicating it, I added a second parameter,
unsafe
, intended to only be used from server code like in thePasskeyProvider
. Using it is very explicit, you have to passundefined
as a first parameter, so it's clear that you shouldn't be using this functionality unless you're sure what you're doing:When
unsafe
is used, all the checks dependent oncredentials
are not being run anymore.I am not sure how safe this is, or if a larger refactor is needed that properly separates checks dependent on
credentials
from all other checks. (That would certainly be cleaner, though)Checklist
Adds passkey button to login page:
Adds "Passkeys" settings section to sidebar:
Adds passkeys settings page
Empty:
Clicking on the "add" button and "sign in with a passkey" buttons opens a browser dialog. This looks different for every browser, phone, etc.
For example:
With passkeys added:
Dropdown stolen straight from API settings page: