supabase / auth-js / 17979937733
71%

DEFAULT BRANCH: master
Ran
Jobs 1
Files 18
Run time 1min
Badge
Embed ▾
README BADGES
x

If you need to use a raster PNG badge, change the '.svg' to '.png' in the link

Markdown

Textile

RDoc

HTML

Rst
coverage: 69.764% (-10.0%) from 79.786%
17979937733

push

github

web-flow 
feat: mfa with webauthn support (#1118)

## What kind of change does this PR introduce?

**Feature** - This PR introduces YubiKey support for Multi-Factor
Authentication (MFA) via WebAuthn, enabling users to authenticate with
hardware security keys.

## What is the current behavior?

Currently, Supabase Auth JS supports two MFA methods:
  - TOTP (Time-based One-Time Password) authenticators
  - SMS-based verification
 
## What is the new behavior?

This PR adds full WebAuthn support to the authentication library, the
defaults enable yubikey support at the moment, but it allows the user to
override some parameters client-side to use other types of passkey
methods.

The PR adds the 'webauthn' factor type, to `listFactors`, `enroll()`,
`challenge()`, and `verify()`

(De)serialization of the webauthn reponse/credential object is done
behind the scenes via dedicated objects.

it also adds a new `experimental` namespace `.mfa.webauthn` which has a
`.register()` and `.authenticate()` methods, these methods allows
**single click** yubikey 2FA addition with a single function call.

additionally, we have `webauthn.{enroll|challenge|verify}()`, which
abstract away some of the logic surrounding enrollment, interaction with
the verifier, and have defaults for factortype etc.

### Two ways to use the new api:
#### Single Step
```typescript
const { data, error } = await client.mfa.webauthn.register({
				friendlyName: `Security Key ${new Date().toLocaleDateString()}`,
				rpId: window.location.hostname,
				rpOrigins: [window.location.origin]
			}, {
				authenticatorSelection: {
					authenticatorAttachment: 'platform',
					residentKey: 'discouraged',
					userVerification: 'discouraged',
					requireResidentKey: false
				}
			});

			if (error) throw error;

			console.log(data); // <- session
```
#### Multi Step Composition
```typescript
const { enroll, challenge, verify } = new WebAuthnApi(client);
		return enroll({
			friendlyName: params.friendlyName
		})
		... (continued)

1070 of 1681 branches covered (63.65%)

Branch coverage included in aggregate %.

45 of 258 new or added lines in 5 files covered. (17.44%)

20 existing lines in 3 files now uncovered.

1475 of 1967 relevant lines covered (74.99%)

69.23 hits per line

New Missed Lines in Diff

Lines Coverage File
4
73.78
 -0.97% src/GoTrueClient.ts
60
4.48
 src/lib/webauthn.errors.ts
149
7.96
 src/lib/webauthn.ts

Uncovered Existing Lines

Lines Coverage File
3
98.13
 -1.88% src/lib/base64url.ts
6
73.78
 -0.97% src/GoTrueClient.ts
11
86.57
 -6.48% src/lib/helpers.ts
Jobs
ID Job ID Ran Files Coverage
1 17979937733.1 18
69.76
 GitHub Action Run
Source Files on build 17979937733