supabase / auth-js / 17979937733 / 1
71%
master: 71%

DEFAULT BRANCH: master
Ran
Files 18
Run time 0s
Badge
Embed ▾
README BADGES
x

If you need to use a raster PNG badge, change the '.svg' to '.png' in the link

Markdown

Textile

RDoc

HTML

Rst
coverage: 69.764% (-9.0%) from 78.749%
17979937733.1

push

github

web-flow 
feat: mfa with webauthn support (#1118)

## What kind of change does this PR introduce?

**Feature** - This PR introduces YubiKey support for Multi-Factor
Authentication (MFA) via WebAuthn, enabling users to authenticate with
hardware security keys.

## What is the current behavior?

Currently, Supabase Auth JS supports two MFA methods:
  - TOTP (Time-based One-Time Password) authenticators
  - SMS-based verification
 
## What is the new behavior?

This PR adds full WebAuthn support to the authentication library, the
defaults enable yubikey support at the moment, but it allows the user to
override some parameters client-side to use other types of passkey
methods.

The PR adds the 'webauthn' factor type, to `listFactors`, `enroll()`,
`challenge()`, and `verify()`

(De)serialization of the webauthn reponse/credential object is done
behind the scenes via dedicated objects.

it also adds a new `experimental` namespace `.mfa.webauthn` which has a
`.register()` and `.authenticate()` methods, these methods allows
**single click** yubikey 2FA addition with a single function call.

additionally, we have `webauthn.{enroll|challenge|verify}()`, which
abstract away some of the logic surrounding enrollment, interaction with
the verifier, and have defaults for factortype etc.

### Two ways to use the new api:
#### Single Step
```typescript
const { data, error } = await client.mfa.webauthn.register({
				friendlyName: `Security Key ${new Date().toLocaleDateString()}`,
				rpId: window.location.hostname,
				rpOrigins: [window.location.origin]
			}, {
				authenticatorSelection: {
					authenticatorAttachment: 'platform',
					residentKey: 'discouraged',
					userVerification: 'discouraged',
					requireResidentKey: false
				}
			});

			if (error) throw error;

			console.log(data); // <- session
```
#### Multi Step Composition
```typescript
const { enroll, challenge, verify } = new WebAuthnApi(client);
		return enroll({
			friendlyName: params.friendlyName
		})
		... (continued)

1070 of 1681 branches covered (63.65%)

Branch coverage included in aggregate %.

1475 of 1967 relevant lines covered (74.99%)

69.23 hits per line

Source Files on job 17979937733.1