feat(passkeys): add auth server passkey configs#20133
feat(passkeys): add auth server passkey configs#20133MagentaManifold wants to merge 1 commit intomainfrom
Conversation
MagentaManifold
left a comment
MagentaManifold
left a comment
There was a problem hiding this comment.
(I didn't feel the need to add a new section in README.md, with inline documentation being sufficiently detailed.)
| format: ['required', 'preferred', 'discouraged'], | ||
| }, | ||
| authenticatorAttachment: { | ||
| default: null, |
There was a problem hiding this comment.
Not sure it default should be null or undefined. Passkey config service uses undefined, but null seems more idiomatic for convict.
| }, | ||
| }, | ||
| challengeTimeout: { | ||
| default: 60000, |
There was a problem hiding this comment.
This may be a bit short. For reference, the spec recommends 300000 or 5 min:
https://w3c.github.io/webauthn/#sctn-timeout-recommended-range
| format: ['required', 'preferred', 'discouraged'], | ||
| }, | ||
| residentKey: { | ||
| default: 'preferred', |
There was a problem hiding this comment.
We should use required as default, otherwise credentials may not be discoverable.
| default: [], | ||
| doc: 'List of allowed origins for WebAuthn registration and authentication ceremonies. Must be full origins (scheme + host + optional port), e.g. ["https://accounts.firefox.com"]. Must have at least one entry when passkeys are enabled.', | ||
| env: 'PASSKEYS__ALLOWED_ORIGINS', | ||
| format: (val: unknown) => { |
There was a problem hiding this comment.
This should just be Array, and validation should be handled in the PasskeyConfig. We shouldn't throw here.
| } | ||
| } | ||
|
|
||
| // Required passkey configs |
There was a problem hiding this comment.
Passkey config is not required for core server infra, we must not throw here. This entire check should be removed from convict config and should be handled either in the feature gating (isPasskeyFeatureEnabled) or in the PasskeyConfigProvider (to be added).
MagentaManifold
force-pushed
the
FXA-13057
branch
from
fee1f69 to
ac54c39
Compare
| ); | ||
| Container.set(RecoveryPhoneService, recoveryPhoneService); | ||
|
|
||
| const passkeyConfig = buildPasskeyConfig(config.passkeys, log); |
There was a problem hiding this comment.
Added these just to demonstrate how it will be used in auth-server. Remove before merging
Because: * we need to load passkey configs to auth server This commit: * defines convict passkey configs Closes FXA-13057
MagentaManifold
force-pushed
the
FXA-13057
branch
from
ac54c39 to
e646737
Compare
2 participants
Because
This pull request
Issue that this pull request solves
Closes: FXA-13057
Checklist
Put an
xin the boxes that applyScreenshots (Optional)
Please attach the screenshots of the changes made in case of change in user interface.
Other information (Optional)
Any other information that is important to this pull request.