From a221776694574a30f1869c923b7db9ec1c218391 Mon Sep 17 00:00:00 2001
From: yaroslav8765 <pechorkin2014@gmail.com>
Date: Tue, 7 Oct 2025 17:09:55 +0300
Subject: [PATCH 1/6] feat: enhance loading states and passkey handling in
 TwoFactors components. Require TOTP for passkey registation

---
 custom/TwoFactorsConfirmation.vue     | 15 +++++--
 custom/TwoFactorsPasskeysSettings.vue | 64 +++++++++++++++++++--------
 index.ts                              | 10 +++++
 3 files changed, 67 insertions(+), 22 deletions(-)

diff --git a/custom/TwoFactorsConfirmation.vue b/custom/TwoFactorsConfirmation.vue
index ac071a4..2e122e4 100644
--- a/custom/TwoFactorsConfirmation.vue
+++ b/custom/TwoFactorsConfirmation.vue
@@ -8,7 +8,7 @@
     }: {}"
   >
 
-  <div id="authentication-modal" tabindex="-1" class="af-two-factors-confirmation overflow-y-auto overflow-x-hidden z-50 min-w-[00px] justify-center items-center md:inset-0 h-[calc(100%-1rem)] max-h-full">
+  <div v-if="isLoading===false" id="authentication-modal" tabindex="-1" class="af-two-factors-confirmation overflow-y-auto overflow-x-hidden z-50 min-w-[00px] justify-center items-center md:inset-0 h-[calc(100%-1rem)] max-h-full">
     <div class="relative p-4 w-full max-w-md max-h-full">
         <!-- Modal content -->
         <div class="relative bg-white rounded-lg shadow dark:bg-gray-700 dark:shadow-black text-gray-500" >
@@ -44,7 +44,7 @@
                 <IconShieldOutline class="w-16 h-16 text-lightPrimary dark:text-darkPrimary"/>
                 <p class="text-4xl font-semibold mb-4">Passkey</p>
                 <p class="mb-2 max-w-[300px]">When you are ready, authenticate using the button below</p>
-                <Button @click="usePasskeyButton" class="w-full mx-16">
+                <Button @click="usePasskeyButton" :disabled="isFetchingPasskey" :loader="isFetchingPasskey" class="w-full mx-16">
                   Use passkey
                 </Button>
                 <div v-if="confirmationMode === 'passkey'" class="max-w-sm px-6 pt-3 w-full bg-white border border-gray-200 rounded-lg shadow-sm dark:bg-gray-800 dark:border-gray-700">
@@ -68,6 +68,9 @@
         </div>
       </div>
     </div>
+    <div v-else>
+      <Spinner class="w-10 h-10" />
+    </div>
   </div>
 </template>
 
@@ -79,7 +82,7 @@
   import { useUserStore } from '@/stores/user';
   import { callAdminForthApi, loadFile } from '@/utils';
   import { showErrorTost } from '@/composables/useFrontendApi';
-  import { Button, Link } from '@/afcl';
+  import { Button, Link, Spinner } from '@/afcl';
   import VOtpInput from "vue3-otp-input";
   import { useI18n } from 'vue-i18n';
   import { useRoute } from 'vue-router'
@@ -95,6 +98,7 @@
   const route = useRoute();
   const router = useRouter();
   const codeError = ref(null);
+  const isFetchingPasskey = ref(false);
 
   onBeforeMount(() => {
     if (localStorage.getItem('isAuthorized') === 'true') {
@@ -131,6 +135,7 @@
   const doesUserHavePasskeys = ref(false);
   const confirmationMode = ref("code");
   const isPasskeysSupported = ref(false);
+  const isLoading = ref(true);
 
   onMounted(async () => {
     if (localStorage.getItem('isAuthorized') !== 'true') {
@@ -145,6 +150,7 @@
       const rootEl = otpRoot.value;
       rootEl && rootEl.addEventListener('focusout', handleFocusOut, true);
     }
+    isLoading.value = false;
   });
 
   watch(route, (newRoute) => {
@@ -231,10 +237,12 @@
   }
 
   async function usePasskeyButton() {
+    isFetchingPasskey.value = true;
     const { _options, challengeId } = await createSignInRequest();
     const options = PublicKeyCredential.parseRequestOptionsFromJSON(_options);
     const credential = await authenticate(options);
     if (!credential) {
+      isFetchingPasskey.value = false;
       return;
     }
     const result = JSON.stringify(credential);
@@ -244,6 +252,7 @@
       origin: window.location.origin,
     };
     sendCode('', 'passkey', passkeyOptions);
+    isFetchingPasskey.value = false;
   }
 
   async function createSignInRequest() {
diff --git a/custom/TwoFactorsPasskeysSettings.vue b/custom/TwoFactorsPasskeysSettings.vue
index 77447c8..1a70023 100644
--- a/custom/TwoFactorsPasskeysSettings.vue
+++ b/custom/TwoFactorsPasskeysSettings.vue
@@ -22,12 +22,18 @@
                         header="Edit Passkey"
                     >
                         <template #trigger>
-                            <div 
-                                @click="passkeysNewName = ''"
-                                class="w-7 h-7 flex items-center justify-center hover:border rounded-md hover:shadow-md text-blue-500 hover:text-blue-700 cursor-pointer"
-                            >
-                                <IconPenSolid class="w-5 h-5" />
-                            </div>
+                            <Tooltip>
+                                <div 
+                                    @click="passkeysNewName = ''"
+                                    class="w-7 h-7 flex items-center justify-center rounded-md text-blue-500 hover:text-blue-700 cursor-pointer"
+                                >
+                                    <IconPenSolid class="w-5 h-5" />
+                                </div>
+
+                                <template #tooltip>
+                                    Rename passkey
+                                </template>
+                            </Tooltip>
                         </template>
                         <div>
                             <p>Enter new passkey name:</p>
@@ -48,11 +54,16 @@
                         header="Delete Passkey"
                     >
                         <template #trigger>
-                            <div class="w-7 h-7 flex items-center justify-center hover:border rounded-md hover:shadow-md text-red-500 hover:text-red-700 cursor-pointer">
-                                <IconTrashBinSolid 
-                                    class="w-5 h-5" 
-                                />
-                            </div>
+                            <Tooltip>
+                                <div class="w-7 h-7 flex items-center justify-center rounded-md text-red-500 hover:text-red-700 cursor-pointer">
+                                    <IconTrashBinSolid 
+                                        class="w-5 h-5" 
+                                    />
+                                </div>
+                                <template #tooltip>
+                                    Delete passkey
+                                </template>
+                            </Tooltip>
                         </template>
                         <div>
                             <p>Are you sure you want to delete this passkey?</p>
@@ -66,7 +77,7 @@
             </template>
             </Table>
             <div class="flex space-x-4 mt-4" v-if="isInitialFinished">
-                <ButtonGroup :solidColor="true">
+                <ButtonGroup :solidColor="true" v-if="isFetchingPasskey === false">
                     <template #button:Profile>
                         <div class="flex px-4 py-2" @click="addPasskey()">
                             <IconPlusOutline class="w-5 h-5 me-2"/>
@@ -79,6 +90,7 @@
                         </div>
                     </template>
                 </ButtonGroup>
+                <p v-else class="flex items-center justify-center gap-2 text-base">Processing <Spinner class="w-4 h-4 inline-block" /></p>
             </div> 
             <div v-if="isCardsVisible" id="cards-container" class="w-80 mt-2 border-gray-400 p-2 bg-white rounded-lg shadow-md flex flex-col space-y-2">
                 <div v-if="isPasskeySupported" class="flex justify-between gap-4" :class="!isPasskeySupported ? 'opacity-50 pointer-events-none' : ''">
@@ -135,7 +147,7 @@
     import { callAdminForthApi } from '@/utils';
     import adminforth from '@/adminforth';
     import { onMounted, ref, Ref, onBeforeUnmount } from 'vue';
-    import { Card, Dialog, ButtonGroup, Tooltip } from '@/afcl'
+    import { Card, Dialog, ButtonGroup, Tooltip, Spinner } from '@/afcl'
     import { IconTrashBinSolid, IconPenSolid, IconPlusOutline, IconCaretDownSolid, IconCheckOutline } from '@iconify-prerendered/vue-flowbite';
     import dayjs from 'dayjs';
     import utc from 'dayjs/plugin/utc';
@@ -152,6 +164,7 @@
     const addPasskeyMode: Ref<'platform' | 'cross-platform'> = ref('platform');
     const authenticatorAttachment = ref<'platform' | 'cross-platform' | 'both'>('platform');
     const isInitialFinished = ref(false);
+    const isFetchingPasskey = ref(false);
 
     onMounted(async () => {
         await getPasskeys();
@@ -180,12 +193,22 @@
     }
 
     async function addPasskey() {
-        const { options, challengeId } = await fetchInformationFromTheBackend();
+        isFetchingPasskey.value = true;
+        const code = await window.adminforthTwoFaModal.getCode();
+
+        const { options } = await fetchInformationFromTheBackend(code);
+        if (!options ) {
+            isFetchingPasskey.value = false;
+            adminforth.alert({message: 'Verification failed.', variant: 'warning'});
+            return;
+        }
         const creationResult = await callWebAuthn(options);
         if (!creationResult) {
+            isFetchingPasskey.value = false;
             return;
         }
-        finishRegisteringPasskey(creationResult, challengeId);
+        finishRegisteringPasskey(creationResult);
+        isFetchingPasskey.value = false;
     }
 
     async function getPasskeys() {
@@ -267,20 +290,24 @@
         }  
     } 
     
-    async function fetchInformationFromTheBackend() {
+    async function fetchInformationFromTheBackend(code) {
         let response;
         try {
             response = await callAdminForthApi({
                 path: `/plugin/passkeys/registerPasskeyRequest`,
                 method: 'POST',
                 body: {
-                    mode: addPasskeyMode.value
+                    mode: addPasskeyMode.value,
+                    code: code
                 },
             });
         } catch (error) {
             console.error('Error fetching passkeys info:', error);
             return;
         }
+        if (!response.ok) {
+            return {};
+        }
         const _options = response.data;
         const challengeId = response.challengeId;
         const options = PublicKeyCredential.parseCreationOptionsFromJSON(_options);
@@ -303,7 +330,7 @@
         return result;
     }
 
-    async function finishRegisteringPasskey(credential: any, challengeId: string) {
+    async function finishRegisteringPasskey(credential: any) {
         let res 
         try {
             res = await callAdminForthApi({
@@ -312,7 +339,6 @@
                 body: {
                     credential: credential,
                     origin: window.location.origin,
-                    challengeId: challengeId,
                 },
             });
         } catch (error) {
diff --git a/index.ts b/index.ts
index af66e18..93e9328 100644
--- a/index.ts
+++ b/index.ts
@@ -442,6 +442,16 @@ export default class TwoFactorsAuthPlugin extends AdminForthPlugin {
       noAuth: false,
       handler: async ({ body, adminUser, response }) => {
         const mode = body?.mode;
+
+        const code = body?.code;
+        this.connectors = this.adminforth.connectors
+        const connector = this.connectors[this.authResource.dataSource];
+        const reqUser = await connector.getRecordByPrimaryKey(this.authResource, adminUser.pk)
+        const verified = twofactor.verifyToken(reqUser[this.options.twoFaSecretFieldName], code, this.options.timeStepWindow)
+        if ( !verified ) {
+          return { ok: false, error: 'Wrong or expired OTP code' };
+        }
+
         const settingsOrigin = this.options.passkeys?.settings.expectedOrigin;
         const rp = {
           name: this.options.passkeys?.settings.rp.name || this.adminforth.config.customization.brandName,

From e6577bffd9644d73fbb6dc71fe9f6738cd7ab22d Mon Sep 17 00:00:00 2001
From: yaroslav8765 <pechorkin2014@gmail.com>
Date: Wed, 8 Oct 2025 17:46:49 +0300
Subject: [PATCH 2/6] BREAKING CHANGE:  rename getCode() call to the
 get2FaConfirmationResult() and add support of passkeys in 2FA modal

---
 custom/TwoFAModal.vue                 | 132 ++++++++++++++++++++++----
 custom/TwoFactorsPasskeysSettings.vue |  69 ++++++++++++--
 custom/utils.js                       |  55 ++++++++++-
 index.ts                              |  74 ++++++++++-----
 4 files changed, 276 insertions(+), 54 deletions(-)

diff --git a/custom/TwoFAModal.vue b/custom/TwoFAModal.vue
index ef25270..d119cb3 100644
--- a/custom/TwoFAModal.vue
+++ b/custom/TwoFAModal.vue
@@ -1,14 +1,15 @@
 <template>
     <div class="af-two-factors-modal fixed inset-0 z-[9999] flex items-center justify-center bg-black/50 top-0 bottom-0 left-0 right-0"
-    v-show ="modelShow">
-      <div class="relative bg-white dark:bg-gray-700 rounded-lg shadow p-6 w-full max-w-md">
+    v-show ="modelShow && (isLoading === false)">
+      <div v-if="modalMode === 'totp'" class="relative bg-white dark:bg-gray-700 rounded-lg shadow p-6 w-full max-w-md">
         <div id="mfaCode-label" class="mb-4 text-gray-700 dark:text-gray-100 text-center">
-          {{ $t('Please enter your authenticator code') }}
+          <p> {{ customDialogTitle }} </p>
+          <p>{{ $t('Please enter your authenticator code') }}</p>
         </div>
   
         <div class="my-4 w-full flex justify-center" ref="otpRoot">
           <v-otp-input
-            ref="code"
+            ref="confirmationResult"
             container-class="grid grid-cols-6 gap-3 w-full"
             input-classes="bg-gray-50 text-center flex justify-center otp-input border leading-none border-gray-300 text-gray-900 text-sm rounded-lg focus:ring-blue-500 focus:border-blue-500 block w-10 h-10 dark:bg-gray-700 dark:border-gray-600 dark:placeholder-gray-400 dark:text-white dark:focus:ring-blue-500 dark:focus:border-blue-500"
             :num-inputs="6"
@@ -21,7 +22,8 @@
           />
         </div>
   
-        <div class="mt-6 flex justify-center gap-3">
+        <div class="mt-6 flex justify-center items-center gap-32 w-full">
+          <p v-if="doesUserHavePasskeys===true" class="underline hover:no-underline text-lightPrimary whitespace-nowrap hover:cursor-pointer" @click="modalMode = 'passkey'" >use passkey</p>
           <button
             class="px-4 py-2 rounded border bg-gray-100 dark:bg-gray-600"
             @click="onCancel"
@@ -29,18 +31,60 @@
           >{{ $t('Cancel') }}</button>
         </div>
       </div>
+
+
+
+      <div v-else-if="modalMode === 'passkey'" class="flex flex-col items-center justify-center py-4 gap-6 relative bg-white dark:bg-gray-700 rounded-lg shadow p-6">
+        <button
+          type="button"
+          class="text-lightDialogCloseButton bg-transparent hover:bg-lightDialogCloseButtonHoverBackground hover:text-lightDialogCloseButtonHover rounded-lg text-sm w-8 h-8 ms-auto inline-flex justify-center items-center dark:text-darkDialogCloseButton dark:hover:bg-darkDialogCloseButtonHoverBackground dark:hover:text-darkDialogCloseButtonHover"
+          @click="onCancel"
+        >
+          <svg class="w-3 h-3" aria-hidden="true" xmlns="http://www.w3.org/2000/svg" fill="none" viewBox="0 0 14 14">
+            <path stroke="currentColor" stroke-linecap="round" stroke-linejoin="round" stroke-width="2" d="m1 1 6 6m0 0 6 6M7 7l6-6M7 7l-6 6"/>
+          </svg>
+          <span class="sr-only">Close modal</span>
+        </button>
+        <IconShieldOutline class="w-16 h-16 text-lightPrimary dark:text-darkPrimary"/>
+        <p class="text-4xl font-semibold mb-4">Passkey</p>
+        <div class="mb-2 max-w-[300px]">
+          <p class="mb-2">{{customDialogTitle}} </p>
+          <p>Authenticate yourself using the button below</p>
+        </div>
+        <Button @click="usePasskeyButtonClick" :disabled="isFetchingPasskey" :loader="isFetchingPasskey" class="w-full mx-16">
+          Use passkey
+        </Button>
+        <div v-if="modalMode === 'passkey'" class="max-w-sm px-6 pt-3 w-full bg-white border border-gray-200 rounded-lg shadow-sm dark:bg-gray-800 dark:border-gray-700">
+          <div class="mb-3 font-normal text-gray-700 dark:text-gray-400">
+            <p> Have issues with passkey? </p>
+            <p class="underline hover:no-underline text-lightPrimary whitespace-nowrap hover:cursor-pointer" @click="modalMode = 'totp'" >use TOTP</p>
+          </div>
+        </div>
+
+
+
+      </div>
     </div>
   </template>
   
   <script setup lang="ts">
   import VOtpInput from 'vue3-otp-input';
-  import { ref, nextTick, watch } from 'vue';
+  import { ref, nextTick, watch, onMounted } from 'vue';
   import { useUserStore } from '@/stores/user';
   import { useI18n } from 'vue-i18n';
+  import { callAdminForthApi } from '@/utils';
+  import { Link, Button } from '@/afcl';
+  import { IconShieldOutline } from '@iconify-prerendered/vue-flowbite';
+  import { getPasskey } from './utils.js' 
+
+
   declare global {
     interface Window {
       adminforthTwoFaModal: {
-        getCode: () => Promise<any>;
+        get2FaConfirmationResult: (        
+          verifyingCallback?: (confirmationResult: string) => Promise<boolean>,
+          title?: string
+        ) => Promise<any>;
       };
     }
   }
@@ -54,15 +98,20 @@
   }>();
 
   const modelShow = ref(false);
-  let resolveFn: ((code: string) => void) | null = null;
-  let verifyingCallback: ((code: string) => boolean) | null = null;
-  let verifyFn: null | ((code: string) => Promise<boolean> | boolean) = null;
+  let resolveFn: ((confirmationResult: string) => void) | null = null;
+  let verifyingCallback: ((confirmationResult: string) => boolean) | null = null;
+  let verifyFn: null | ((confirmationResult: string) => Promise<boolean> | boolean) = null;
   let rejectFn: ((err?: any) => void) | null = null;
 
+
   window.adminforthTwoFaModal = {
-    getCode: (verifyingCallback?: (code: string) => Promise<boolean>) =>
-      new Promise((resolve, reject) => {
+    get2FaConfirmationResult: (verifyingCallback?: (confirmationResult: string) => Promise<boolean>, title?: string) =>
+      new Promise(async (resolve, reject) => {
       if (modelShow.value) throw new Error('Modal is already open');
+      await checkIfUserHasPasskeys();
+      if (title) {
+        customDialogTitle.value = title;
+      }
       modelShow.value = true;
       resolveFn = resolve;
       rejectFn = reject;
@@ -73,10 +122,30 @@
   const { t } = useI18n();
   const user = useUserStore();
   
-  const code = ref<any>(null);
+  const confirmationResult = ref<any>(null);
   const otpRoot = ref<HTMLElement | null>(null);
   const bindValue = ref('');
+  const doesUserHavePasskeys = ref(false);
+  const modalMode = ref<"totp" | "passkey">("totp");
+  const isLoading = ref(false);
+  const customDialogTitle = ref("");
   
+  async function usePasskeyButtonClick() {
+    let passkeyData;
+    try {
+      passkeyData = await getPasskey();
+    } catch (e) {
+      adminforth.alert({message: 'Failed to get passkey', variant: 'danger'});
+      onCancel();
+    }
+    modelShow.value = false;
+    const dataToReturn = {
+      mode: "passkey",
+      result: passkeyData
+    }
+    resolveFn(dataToReturn);
+  }
+
   function tagOtpInputs() {
     const root = otpRoot.value;
     if (!root) return;
@@ -96,15 +165,15 @@
     event.preventDefault();
     const pastedText = event.clipboardData?.getData('text') || '';
     if (pastedText.length === 6) {
-      code.value?.fillInput(pastedText);
+      confirmationResult.value?.fillInput(pastedText);
     }
   }
   
   async function handleOnComplete(value: string) {
-    await sendCode(value);
+    await sendConfirmationResult(value);
   }
   
-  async function sendCode(value: string) {
+  async function sendConfirmationResult(value: string) {
     if (!resolveFn) throw new Error('Modal is not initialized properly');
     if (verifyFn) {
       try {
@@ -120,14 +189,19 @@
     }
 
     modelShow.value = false;
-    resolveFn(value);
+    const dataToReturn = {
+      mode: "totp",
+      result: value
+    }
+    resolveFn(dataToReturn);
   }
   
   
   function onCancel() {
     modelShow.value = false;
     bindValue.value = '';
-    code.value?.clearInput();
+    confirmationResult.value?.clearInput();
+    rejectFn("Cancel");
     emit('rejected', new Error('cancelled'));
     emit('closed');
   }
@@ -148,10 +222,30 @@
       htmlRef.style.overflow = '';
     }
     bindValue.value = '';
-    code.value?.clearInput();
+    confirmationResult.value?.clearInput();
   }
 });
 
+  async function checkIfUserHasPasskeys() {
+    isLoading.value = true;
+    callAdminForthApi({
+      method: 'GET',
+      path: '/plugin/passkeys/getPasskeys',
+    }).then((response) => {
+      if (response.ok) {
+        if (response.data.length >= 1) {
+          doesUserHavePasskeys.value = true;
+          modalMode.value = "passkey";
+          isLoading.value = false;
+        } else {
+          doesUserHavePasskeys.value = false;
+          modalMode.value = "totp";
+          isLoading.value = false;
+        }
+      }
+    });
+  }
+
   </script>
   
 <style scoped>
diff --git a/custom/TwoFactorsPasskeysSettings.vue b/custom/TwoFactorsPasskeysSettings.vue
index 1a70023..d4c0645 100644
--- a/custom/TwoFactorsPasskeysSettings.vue
+++ b/custom/TwoFactorsPasskeysSettings.vue
@@ -1,5 +1,5 @@
 <template>
-    <div class="text-3xl text-gray-900 font-semibold max-w-2xl mr-6 flex-col justify-center items-center">
+    <div class="text-3xl text-lightBreadcrumbsText dark:text-darkBreadcrumbsText font-semibold max-w-2xl mr-6 flex-col justify-center items-center">
         <p class="flex items-start justify-start leading-none">Passkeys</p>
         <div class="flex flex-col items-end">
             <Table
@@ -79,7 +79,7 @@
             <div class="flex space-x-4 mt-4" v-if="isInitialFinished">
                 <ButtonGroup :solidColor="true" v-if="isFetchingPasskey === false">
                     <template #button:Profile>
-                        <div class="flex px-4 py-2" @click="addPasskey()">
+                        <div class="flex px-4 py-2" @click="addPasskeyStartAction()">
                             <IconPlusOutline class="w-5 h-5 me-2"/>
                             <p>{{ addPasskeyMode === 'platform' ? 'Add Local Passkey' : 'Add External Passkey' }}</p>
                         </div>
@@ -139,6 +139,29 @@
                 </div>
             </div>
         </div>
+        <Dialog 
+            ref="confirmDialog" 
+            class="w-96" 
+            :click-to-close-outside="false"   
+            :buttons="[]"
+        >
+            <div class="flex flex-col">
+                <button
+                type="button"
+                class="text-lightDialogCloseButton bg-transparent hover:bg-lightDialogCloseButtonHoverBackground hover:text-lightDialogCloseButtonHover rounded-lg text-sm w-8 h-8 ms-auto inline-flex justify-center items-center dark:text-darkDialogCloseButton dark:hover:bg-darkDialogCloseButtonHoverBackground dark:hover:text-darkDialogCloseButtonHover"
+                @click="{ isFetchingPasskey = false; fetchedOptions = null; closeDialog(); }"
+                >
+                    <svg class="w-3 h-3" aria-hidden="true" xmlns="http://www.w3.org/2000/svg" fill="none" viewBox="0 0 14 14">
+                        <path stroke="currentColor" stroke-linecap="round" stroke-linejoin="round" stroke-width="2" d="m1 1 6 6m0 0 6 6M7 7l6-6M7 7l-6 6"/>
+                    </svg>
+                    <span class="sr-only">Close dialog</span>
+                </button>
+                <div class="flex items-center justify-center space-y-4">
+                    Now you can add a passkey. 
+                </div>
+                <Button class="mt-4" @click="addPasskeyFinishAction(fetchedOptions); closeDialog();">Add Passkey</Button>
+            </div>
+        </Dialog>
     </div>
 </template>
 
@@ -147,7 +170,7 @@
     import { callAdminForthApi } from '@/utils';
     import adminforth from '@/adminforth';
     import { onMounted, ref, Ref, onBeforeUnmount } from 'vue';
-    import { Card, Dialog, ButtonGroup, Tooltip, Spinner } from '@/afcl'
+    import { Card, Dialog, ButtonGroup, Tooltip, Spinner, Button } from '@/afcl'
     import { IconTrashBinSolid, IconPenSolid, IconPlusOutline, IconCaretDownSolid, IconCheckOutline } from '@iconify-prerendered/vue-flowbite';
     import dayjs from 'dayjs';
     import utc from 'dayjs/plugin/utc';
@@ -166,6 +189,18 @@
     const isInitialFinished = ref(false);
     const isFetchingPasskey = ref(false);
 
+    const confirmDialog = ref(null);
+
+    const openDialog = () => {
+        confirmDialog.value.open();
+    }
+
+    const closeDialog = () => {
+        confirmDialog.value.close();
+    }
+
+    const fetchedOptions = ref(null);
+
     onMounted(async () => {
         await getPasskeys();
         await checkForCompatibility();
@@ -192,21 +227,37 @@
         }
     }
 
-    async function addPasskey() {
+    async function addPasskeyStartAction() {
         isFetchingPasskey.value = true;
-        const code = await window.adminforthTwoFaModal.getCode();
-
-        const { options } = await fetchInformationFromTheBackend(code);
+        let confirmationResult;
+        try {
+            confirmationResult = await window.adminforthTwoFaModal.get2FaConfirmationResult(undefined, "To add passkey first verify yourself");
+        } catch (e) {
+            isFetchingPasskey.value = false;
+            return;
+        }
+        if (!confirmationResult) {
+            isFetchingPasskey.value = false;
+            return;
+        }
+        const { options } = await fetchInformationFromTheBackend(confirmationResult);
         if (!options ) {
             isFetchingPasskey.value = false;
             adminforth.alert({message: 'Verification failed.', variant: 'warning'});
             return;
         }
+        fetchedOptions.value = options;
+        openDialog();
+    }
+
+    async function addPasskeyFinishAction(options) {
         const creationResult = await callWebAuthn(options);
         if (!creationResult) {
             isFetchingPasskey.value = false;
+            fetchedOptions.value = null;
             return;
         }
+        fetchedOptions.value = null;
         finishRegisteringPasskey(creationResult);
         isFetchingPasskey.value = false;
     }
@@ -290,7 +341,7 @@
         }  
     } 
     
-    async function fetchInformationFromTheBackend(code) {
+    async function fetchInformationFromTheBackend(confirmationResult) {
         let response;
         try {
             response = await callAdminForthApi({
@@ -298,7 +349,7 @@
                 method: 'POST',
                 body: {
                     mode: addPasskeyMode.value,
-                    code: code
+                    confirmationResult: confirmationResult
                 },
             });
         } catch (error) {
diff --git a/custom/utils.js b/custom/utils.js
index 7fedf28..0c5f73f 100644
--- a/custom/utils.js
+++ b/custom/utils.js
@@ -1,4 +1,6 @@
-    export function handlePasskeyAlert(propSuggestionPeriod, router) {
+   import { callAdminForthApi } from '@/utils';
+
+   export function handlePasskeyAlert(propSuggestionPeriod, router) {
         const currentDate = Date.now();
         window.localStorage.removeItem('suggestionPeriod');
         window.localStorage.setItem('suggestionPeriod', propSuggestionPeriod);
@@ -52,4 +54,53 @@
             }
         });
         }
-    }
\ No newline at end of file
+    }
+
+    export async function getPasskey() {
+    const { _options } = await createSignInRequest();
+    const options = PublicKeyCredential.parseRequestOptionsFromJSON(_options);
+    const credential = await authenticate(options);
+    if (!credential) {
+      isFetchingPasskey.value = false;
+      return;
+    }
+    const result = JSON.stringify(credential);
+    const passkeyOptions = {
+      response: result,
+      origin: window.location.origin,
+    };
+    return passkeyOptions;
+  }
+
+  async function createSignInRequest() {
+    let response;
+    try {
+      response = await callAdminForthApi({
+        path: `/plugin/passkeys/signInRequest`,
+        method: 'POST',
+      });
+    } catch (error) {
+      console.error('Error creating sign-in request:', error);
+      return;
+    }
+    if (response.ok === true) {
+      return { _options: response.data, challengeId: response.challengeId };
+    } else {
+      adminforth.alert({message: 'Error creating sign-in request.', variant: 'warning'});
+      codeError.value = 'Error creating sign-in request.';
+    }
+  }
+
+  async function authenticate(options) {
+    try {
+      const abortController = new AbortController();
+      const credential = await navigator.credentials.get({
+        publicKey: options,
+        signal: abortController.signal,
+      });
+      return credential;
+    } catch (error) {
+      adminforth.alert({message: 'Error during authentication', variant: 'warning'});
+      codeError.value = 'Error during authentication.';
+    }
+  }
diff --git a/index.ts b/index.ts
index 93e9328..2f67ea9 100644
--- a/index.ts
+++ b/index.ts
@@ -9,6 +9,12 @@ import {
   verifyAuthenticationResponse
 } from '@simplewebauthn/server';
 import { isoUint8Array, isoBase64URL } from '@simplewebauthn/server/helpers';
+import { webcrypto } from 'crypto';
+
+if (!globalThis.crypto) {
+  // @ts-ignore
+  globalThis.crypto = webcrypto;
+}
 
 export default class TwoFactorsAuthPlugin extends AdminForthPlugin {
   options: PluginOptions;
@@ -27,31 +33,50 @@ export default class TwoFactorsAuthPlugin extends AdminForthPlugin {
   }
 
   public async verify(
-    code: string,
-    opts?: { adminUser?: AdminUser; userPk?: string }
+    confirmationResult: Record<string, any>,
+    opts?: { adminUser?: AdminUser; userPk?: string; cookies?: any }
   ): Promise<{ ok: true } | { error: string }> {
-    if (!code) return { error: "Code is required" };
+    if (!confirmationResult) return { error: "Confirmation result is required" };
+
+    if (confirmationResult.mode === "totp") {
+      const code = confirmationResult.result;
+      const authRes = this.adminforth.config.resources
+        .find(r => r.resourceId === this.adminforth.config.auth.usersResourceId);
 
-    const authRes = this.adminforth.config.resources
-      .find(r => r.resourceId === this.adminforth.config.auth.usersResourceId);
+      if (!authRes) return { error: "Auth resource not found" };
 
-    if (!authRes) return { error: "Auth resource not found" };
+      const connector = this.adminforth.connectors[authRes.dataSource];
+      const pkName = authRes.columns.find(c => c.primaryKey)?.name;
+      if (!pkName) return { error: "Primary key not found on auth resource" };
 
-    const connector = this.adminforth.connectors[authRes.dataSource];
-    const pkName = authRes.columns.find(c => c.primaryKey)?.name;
-    if (!pkName) return { error: "Primary key not found on auth resource" };
+      const pk = opts?.userPk ?? opts?.adminUser?.dbUser?.[pkName];
+      if (!pk) return { error: "User PK is required" };
 
-    const pk = opts?.userPk ?? opts?.adminUser?.dbUser?.[pkName];
-    if (!pk) return { error: "User PK is required" };
+      const user = await connector.getRecordByPrimaryKey(authRes, pk);
+      if (!user) return { error: "User not found" };
 
-    const user = await connector.getRecordByPrimaryKey(authRes, pk);
-    if (!user) return { error: "User not found" };
+      const secret = user[this.options.twoFaSecretFieldName];
+      if (!secret) return { error: "2FA is not set up for this user" };
+
+      const verified = twofactor.verifyToken(secret, code, this.options.timeStepWindow);
+      return verified ? { ok: true } : { error: "Wrong or expired OTP code" };
+    } else if (confirmationResult.mode === "passkey") {
+      const passkeysCookies = this.adminforth.auth.getCustomCookie({cookies: opts.cookies, name: `passkeyLoginTemporaryJWT`});
+      if (!passkeysCookies) {
+        return { error: 'Passkey token is required' };
+      }
 
-    const secret = user[this.options.twoFaSecretFieldName];
-    if (!secret) return { error: "2FA is not set up for this user" };
+      const decodedPasskeysCookies = await this.adminforth.auth.verify(passkeysCookies, 'tempPasskeyChallenge', false);
+      if (!decodedPasskeysCookies) {
+        return { error: 'Invalid passkey' };
+      }
+      const verificationResult = await this.verifyPasskeyResponse(confirmationResult.result, opts.userPk, decodedPasskeysCookies );
 
-    const verified = twofactor.verifyToken(secret, code, this.options.timeStepWindow);
-    return verified ? { ok: true } : { error: "Wrong or expired OTP code" };
+      if (verificationResult.ok && verificationResult.passkeyConfirmed) {
+        return  { ok: true }
+      }
+      return { error: "Invalid passkey" }
+    }
   }
 
   public parsePeriod(period?: string): number {
@@ -440,15 +465,16 @@ export default class TwoFactorsAuthPlugin extends AdminForthPlugin {
       method: 'POST',
       path: `/plugin/passkeys/registerPasskeyRequest`,
       noAuth: false,
-      handler: async ({ body, adminUser, response }) => {
+      handler: async ({ body, adminUser, response, cookies }) => {
         const mode = body?.mode;
 
-        const code = body?.code;
-        this.connectors = this.adminforth.connectors
-        const connector = this.connectors[this.authResource.dataSource];
-        const reqUser = await connector.getRecordByPrimaryKey(this.authResource, adminUser.pk)
-        const verified = twofactor.verifyToken(reqUser[this.options.twoFaSecretFieldName], code, this.options.timeStepWindow)
-        if ( !verified ) {
+        const confirmationResult = body?.confirmationResult;
+        const verificationResult = await this.verify(confirmationResult, {
+          adminUser: adminUser,
+          userPk: adminUser.pk, 
+          cookies: cookies
+        });
+        if ( !verificationResult || !('ok' in verificationResult) || verificationResult.ok === false) {
           return { ok: false, error: 'Wrong or expired OTP code' };
         }
 

From 50a862fb383cf9e3afa130ae3ebff98da1a47a41 Mon Sep 17 00:00:00 2001
From: yaroslav8765 <pechorkin2014@gmail.com>
Date: Thu, 9 Oct 2025 10:07:43 +0300
Subject: [PATCH 3/6] fix: styling for the 2Fa modal and update error messages
 text

---
 custom/TwoFAModal.vue | 8 ++++----
 index.ts              | 8 +-------
 2 files changed, 5 insertions(+), 11 deletions(-)

diff --git a/custom/TwoFAModal.vue b/custom/TwoFAModal.vue
index d119cb3..57f4d56 100644
--- a/custom/TwoFAModal.vue
+++ b/custom/TwoFAModal.vue
@@ -1,7 +1,7 @@
 <template>
     <div class="af-two-factors-modal fixed inset-0 z-[9999] flex items-center justify-center bg-black/50 top-0 bottom-0 left-0 right-0"
     v-show ="modelShow && (isLoading === false)">
-      <div v-if="modalMode === 'totp'" class="relative bg-white dark:bg-gray-700 rounded-lg shadow p-6 w-full max-w-md">
+      <div v-if="modalMode === 'totp'" class="af-two-factor-modal-totp relative bg-white dark:bg-gray-700 rounded-lg shadow p-6 w-full max-w-md">
         <div id="mfaCode-label" class="mb-4 text-gray-700 dark:text-gray-100 text-center">
           <p> {{ customDialogTitle }} </p>
           <p>{{ $t('Please enter your authenticator code') }}</p>
@@ -34,7 +34,7 @@
 
 
 
-      <div v-else-if="modalMode === 'passkey'" class="flex flex-col items-center justify-center py-4 gap-6 relative bg-white dark:bg-gray-700 rounded-lg shadow p-6">
+      <div v-else-if="modalMode === 'passkey'" class="af-two-factor-modal-passkeys flex flex-col items-center justify-center py-4 gap-6 relative bg-white dark:bg-gray-700 rounded-lg shadow p-6">
         <button
           type="button"
           class="text-lightDialogCloseButton bg-transparent hover:bg-lightDialogCloseButtonHoverBackground hover:text-lightDialogCloseButtonHover rounded-lg text-sm w-8 h-8 ms-auto inline-flex justify-center items-center dark:text-darkDialogCloseButton dark:hover:bg-darkDialogCloseButtonHoverBackground dark:hover:text-darkDialogCloseButtonHover"
@@ -46,8 +46,8 @@
           <span class="sr-only">Close modal</span>
         </button>
         <IconShieldOutline class="w-16 h-16 text-lightPrimary dark:text-darkPrimary"/>
-        <p class="text-4xl font-semibold mb-4">Passkey</p>
-        <div class="mb-2 max-w-[300px]">
+        <p class="text-4xl font-semibold mb-4 text:gray-900 dark:text-gray-200 ">Passkey</p>
+        <div class="mb-2 max-w-[300px] text:gray-900 dark:text-gray-200">
           <p class="mb-2">{{customDialogTitle}} </p>
           <p>Authenticate yourself using the button below</p>
         </div>
diff --git a/index.ts b/index.ts
index 2f67ea9..f2df8de 100644
--- a/index.ts
+++ b/index.ts
@@ -9,12 +9,6 @@ import {
   verifyAuthenticationResponse
 } from '@simplewebauthn/server';
 import { isoUint8Array, isoBase64URL } from '@simplewebauthn/server/helpers';
-import { webcrypto } from 'crypto';
-
-if (!globalThis.crypto) {
-  // @ts-ignore
-  globalThis.crypto = webcrypto;
-}
 
 export default class TwoFactorsAuthPlugin extends AdminForthPlugin {
   options: PluginOptions;
@@ -475,7 +469,7 @@ export default class TwoFactorsAuthPlugin extends AdminForthPlugin {
           cookies: cookies
         });
         if ( !verificationResult || !('ok' in verificationResult) || verificationResult.ok === false) {
-          return { ok: false, error: 'Wrong or expired OTP code' };
+          return { ok: false, error: 'Verification failed' };
         }
 
         const settingsOrigin = this.options.passkeys?.settings.expectedOrigin;

From cd0e38955bc1c53a0989711a3111a29ace6e694f Mon Sep 17 00:00:00 2001
From: yaroslav8765 <pechorkin2014@gmail.com>
Date: Thu, 9 Oct 2025 10:11:17 +0300
Subject: [PATCH 4/6] fix: update user verification logic for passkeys
 registration

---
 index.ts | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/index.ts b/index.ts
index f2df8de..77a1c1e 100644
--- a/index.ts
+++ b/index.ts
@@ -468,7 +468,7 @@ export default class TwoFactorsAuthPlugin extends AdminForthPlugin {
           userPk: adminUser.pk, 
           cookies: cookies
         });
-        if ( !verificationResult || !('ok' in verificationResult) || verificationResult.ok === false) {
+        if ( !verificationResult || !('ok' in verificationResult) ) {
           return { ok: false, error: 'Verification failed' };
         }
 

From 41ac28062ff81fd42a06bfe07f129fd55dabe216 Mon Sep 17 00:00:00 2001
From: yaroslav8765 <pechorkin2014@gmail.com>
Date: Thu, 9 Oct 2025 11:11:49 +0300
Subject: [PATCH 5/6] chore: rename jwt for the login

---
 index.ts | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)

diff --git a/index.ts b/index.ts
index 77a1c1e..b6c2eec 100644
--- a/index.ts
+++ b/index.ts
@@ -60,7 +60,7 @@ export default class TwoFactorsAuthPlugin extends AdminForthPlugin {
         return { error: 'Passkey token is required' };
       }
 
-      const decodedPasskeysCookies = await this.adminforth.auth.verify(passkeysCookies, 'tempPasskeyChallenge', false);
+      const decodedPasskeysCookies = await this.adminforth.auth.verify(passkeysCookies, 'tempLoginPasskeyChallenge', false);
       if (!decodedPasskeysCookies) {
         return { error: 'Invalid passkey' };
       }
@@ -384,7 +384,7 @@ export default class TwoFactorsAuthPlugin extends AdminForthPlugin {
             if (!passkeysCookies) {
               return { error: 'Passkey token is required' };
             }
-            const decodedPasskeysCookies = await this.adminforth.auth.verify(passkeysCookies, 'tempPasskeyChallenge', false);
+            const decodedPasskeysCookies = await this.adminforth.auth.verify(passkeysCookies, 'tempLoginPasskeyChallenge', false);
             if (!decodedPasskeysCookies) {
               return { error: 'Invalid passkey' };
             }
@@ -604,7 +604,7 @@ export default class TwoFactorsAuthPlugin extends AdminForthPlugin {
             rpID: this.options.passkeys?.settings.rp.id,
             userVerification: this.options.passkeys?.settings.authenticatorSelection.userVerification || "required"
           });
-          const value = this.adminforth.auth.issueJWT({ "challenge": options.challenge }, 'tempPasskeyChallenge', '10m');
+          const value = this.adminforth.auth.issueJWT({ "challenge": options.challenge }, 'tempLoginPasskeyChallenge', '10m');
           this.adminforth.auth.setCustomCookie({response, payload: {name: `passkeyLoginTemporaryJWT`, value: value, expiry: undefined, expirySeconds: 10 * 60, httpOnly: true}});
           return { ok: true, data: options };
         } catch (e) {

From 6db08503842e5d8253da19b48604bea83e911d03 Mon Sep 17 00:00:00 2001
From: yaroslav8765 <pechorkin2014@gmail.com>
Date: Thu, 9 Oct 2025 11:13:02 +0300
Subject: [PATCH 6/6] fix: fix styling for the dark theme delete and edit
 dialogs for passkeys

---
 custom/TwoFactorsPasskeysSettings.vue | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)

diff --git a/custom/TwoFactorsPasskeysSettings.vue b/custom/TwoFactorsPasskeysSettings.vue
index d4c0645..3c3990c 100644
--- a/custom/TwoFactorsPasskeysSettings.vue
+++ b/custom/TwoFactorsPasskeysSettings.vue
@@ -17,7 +17,7 @@
                         class="w-96"
                         :buttons="[
                             { label: 'Save', onclick: (dialog) => { renamePasskey(item.id, passkeysNewName); dialog.hide(); } },
-                            { label: 'Cancel', options: {class: 'bg-white focus:!ring-gray-200 !text-gray-900 hover:!bg-gray-200 dark:!bg-gray-800 dark:!text-gray-300 dark:hover:!bg-gray-700 dark:border-gray-900'}, onclick: (dialog) => {passkeysNewName = ''; dialog.hide();} },
+                            { label: 'Cancel', options: {class: 'bg-white focus:!ring-gray-200 !text-gray-900 hover:!bg-gray-200 dark:!bg-gray-800 dark:!text-gray-300 dark:hover:!bg-gray-700 dark:border-gray-900 dark:hover:!border-gray-800 dark:focus:!ring-gray-800'}, onclick: (dialog) => {passkeysNewName = ''; dialog.hide();} },
                         ]"
                         header="Edit Passkey"
                     >
@@ -48,8 +48,8 @@
                     <Dialog 
                         class="w-96"
                         :buttons="[
-                            { label: 'Delete', options: {class: 'bg-red-700 !text-white hover:!bg-red-600 focus:ring-2 focus:ring-red-500'}, onclick: (dialog) => { deletePasskey(item.id); dialog.hide(); } },
-                            { label: 'Cancel', options: {class: 'bg-white focus:!ring-gray-200 !text-gray-900 hover:!bg-gray-200'}, onclick: (dialog) => dialog.hide() },
+                            { label: 'Delete', options: {class: 'bg-red-700 !text-white hover:!bg-red-600 focus:ring-2 focus:ring-red-500 dark:!bg-red-700 dark:hover:!bg-red-600 dark:focus:ring-red-500 dark:!border-red-800'}, onclick: (dialog) => { deletePasskey(item.id); dialog.hide(); } },
+                            { label: 'Cancel', options: {class: 'bg-white focus:!ring-gray-200 !text-gray-900 hover:!bg-gray-200 dark:!text-white dark:!bg-gray-700 dark:hover:!bg-gray-800 dark:!border-gray-600 dark:focus:!ring-gray-800'}, onclick: (dialog) => dialog.hide() },
                         ]"
                         header="Delete Passkey"
                     >