kratos
Support webauthn for api login flows
Preflight checklist
- [X] I could not find a solution in the existing issues, docs, nor discussions.
- [X] I agree to follow this project's Code of Conduct.
- [X] I have read and am following this repository's Contribution Guidelines.
- [ ] I have joined the Ory Community Slack.
- [ ] I am signed up to the Ory Security Patch Newsletter.
Ory Network Project
No response
Describe your problem
Ory Kratos currently does not support webauthn for api flows. The webauthn/login strategy has an explicit check to avoid handling login requests.
```go
if f.Type != flow.TypeBrowser {
	return nil, flow.ErrStrategyNotResponsible
}
```
Describe your ideal solution
Apps should be able to use webauthn login flows.
Instead of having the parameters in an onclick attribute of a button ui node, the webauthn parameters should be easily accessible for an api client, e.g. by having the json argument included in the attributes tree.
```json
{
  "type": "input",
  "group": "webauthn",
  "attributes": {
    "name": "webauthn_register_trigger",
    "type": "button",
    "value": "",
    "disabled": false,
    "onclick": "window.__oryWebAuthnRegistration({...params-here...})",
    "node_type": "input"
  },
  "messages": [],
  "meta": {
    "label": {
      "id": 1040004,
      "text": "Sign up with security key",
      "type": "info"
    }
  }
}
```
Having the webauthn attributes easily available in an SPA browser client would also be very helpful btw.
Workarounds or alternatives
As a workaround, one could use a browser session inside the app and use webauthn there, but this does not feel as native as it could.
Version
v1.0.0
Additional Context
No response
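
Added example, not part of the original issue and not Ory's code: until the parameters are exposed as data, a client that receives the node shown above has to recover the JSON argument from the `onclick` string, and should do so without evaluating it. The function name `extractWebAuthnParams`, the allow-list parameter and the sample options payload are assumptions constructed for illustration.

```javascript
// Extract the JSON argument of the onclick handler from a webauthn UI node.
// The string is never evaluated: the handler name is checked against an
// allow-list and the argument must be exactly one JSON object.
function extractWebAuthnParams(node, allowed = ["__oryWebAuthnRegistration"]) {
  const attrs = node && node.attributes;
  if (!attrs || node.group !== "webauthn" || typeof attrs.onclick !== "string") {
    return null; // not a webauthn trigger node
  }
  const src = attrs.onclick.trim();
  const m = /^window\.([A-Za-z_$][\w$]*)\(/.exec(src);
  if (!m || !allowed.includes(m[1])) {
    throw new Error("unexpected onclick handler");
  }
  // Everything between the outer parentheses must be the JSON argument.
  const end = src.endsWith(");") ? src.length - 2
            : src.endsWith(")") ? src.length - 1 : -1;
  if (end < m[0].length) throw new Error("unterminated handler call");
  // JSON.parse throws if anything other than pure JSON is present,
  // e.g. a second statement appended after the call.
  const params = JSON.parse(src.slice(m[0].length, end));
  if (params === null || typeof params !== "object" || Array.isArray(params)) {
    throw new Error("handler argument is not a JSON object");
  }
  return { handler: m[1], params };
}

// Constructed sample: the options object is illustrative, not Kratos output.
const sampleOptions = {
  publicKey: { challenge: "Y29uc3RydWN0ZWQ", rp: { name: "Example" } },
};
const sampleNode = {
  type: "input",
  group: "webauthn",
  attributes: {
    name: "webauthn_register_trigger",
    type: "button",
    onclick: `window.__oryWebAuthnRegistration(${JSON.stringify(sampleOptions)})`,
    node_type: "input",
  },
};

console.log(extractWebAuthnParams(sampleNode));
```
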