Skip to content

feat: webauthn #583

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Open
wants to merge 51 commits into
base: 0.30
Choose a base branch
from
Open

feat: webauthn #583

wants to merge 51 commits into from

Conversation

namsnath
Copy link
Contributor

@namsnath namsnath commented Apr 23, 2025
edited
Loading

Summary of change

Adds Webauthn (Passkeys) support

  • Adds Webauthn recipe with support for:
    • Registration, sign-in, and credential verification flows
    • Account recovery
  • Adds new API endpoints for WebAuthn operations:
    • GET /api/webauthn/email/exists - Check if email exists in system
    • POST /api/webauthn/options/register - Handle registration options
    • POST /api/webauthn/options/signin - Handle sign-in options
    • POST /api/webauthn/signin - Handle WebAuthn sign-in
    • POST /api/webauthn/signup - Handle WebAuthn sign-up
    • POST /api/user/webauthn/reset - Handle account recovery
    • POST /api/user/webauthn/reset/token - Generate recovery tokens
  • Adds WebAuthn support to account linking functionality:
    • Support for linking users based on WebAuthn credential_id
    • Updates AccountInfo type to AccountInfoInput with WebAuthn fields
    • Adds has_same_webauthn_info_as method for credential comparison
  • Adds FDI support for version 4.1
  • Recipe functions are directly importable from the Webauthn recipe module 
    • from supertokens_python.recipe.webauthn import sign_in

await sign_in(...) # Async
sign_in.sync(...) # Sync

Breaking Changes

  • Updates supported CDI version from 5.2 to 5.3
  • Changes AccountInfo to AccountInfoInput in various methods
    • This is required to allow querying by a single Webauthn credential_id, while the Webauthn login method contains an array of credential_ids
    • Affected functions:
      • supertokens_python.asyncio.list_users_by_account_info
      • supertokens_python.syncio.list_users_by_account_info
      • supertokens_python.recipe.accountlinking.interface.RecipeInterface.list_users_by_account_info
      • supertokens_python.recipe.accountlinking.recipe_implementation.RecipeImplementation.list_users_by_account_info

Related issues

Test Plan

(Write your test plan here. If you changed any code, please provide us with clear instructions on how you verified your changes work. Bonus points for screenshots and videos!)

Documentation changes

(If relevant, please create a PR in our docs repo, or create a checklist here highlighting the necessary changes)

Checklist for important updates

  • Changelog has been updated
  • coreDriverInterfaceSupported.json file has been updated (if needed)
    • Along with the associated array in supertokens_python/constants.py
  • frontendDriverInterfaceSupported.json file has been updated (if needed)
  • Changes to the version if needed
    • In setup.py
    • In supertokens_python/constants.py
  • Had installed and ran the pre-commit hook
  • Issue this PR against the latest non released version branch.
    • To know which one it is, run find the latest released tag (git tag) in the format vX.Y.Z, and then find the latest branch (git branch --all) whose X.Y is greater than the latest released tag.
    • If no such branch exists, then create one from the latest released branch.
  • If have added a new web framework, update the supertokens_python/utils.py file to include that in the FRAMEWORKS variable
  • If added a new recipe that has a User type with extra info, then be sure to change the User type in supertokens_python/types.py
  • Make sure that syncio / asyncio functions are consistent.
  • If access token structure has changed
    • Modified test in tests/sessions/test_access_token_version.py to account for any new claims that are optional or omitted by the core

Remaining TODOs for this PR

@namsnath namsnath self-assigned this May 5, 2025
@namsnath namsnath force-pushed the feat/webauthn/base branch from 385d297 to 76169e2 Compare May 9, 2025 13:40
namsnath added 28 commits May 22, 2025 17:55
@namsnath
feat: port config types, setup skeleton
1c46102
@namsnath
update: uses generic type for overrides
1dc46f4
@namsnath
feat: adds register_options types, uses dataclasses
75dd645
@namsnath
fix: cyclic import
fd66bd3
@namsnath
refactor: use dataclasses
d1b5ac2
@namsnath
feat: adds remaining RecipeInterface methods/types
9d205c3
@namsnath
feat: adds ApiInterface methods/types
7b633bb
@namsnath
fix: inconsistencies
c7902ca
@namsnath
feat: adds recipe implementation
e0ecd16 
- Requires changes to make types compatible with older objects
@namsnath
update: LinkingToSessionUserFailedError types
3751c41 
- Uses dataclasses
- Makes types compatible with webauthn
- Moves `types` module to `types/base.py`
  - Re-exported from `types.base` to maintain backward compatibility
- Updates imports for `types` module
- Moves response classes to `types/response.py`
@namsnath
update: fixes types for kwargs
a786a19 
- Uses a common type for all kwargs
- Uses specific types for various code paths
- Adds additional checks for input types
@namsnath
update: rename base dataclass, fix types
5a86342
@namsnath
refactor: Switch to Pydantic models instead of dataclass
ffe3a71
@namsnath
feat: implements sign_in_post
2b74292 
- Pending: Update utils used in the endpoint
@namsnath
update: adds pydantic dependency
e91df08 
- Removes `dataclasses-json` dep
@namsnath
feat: APIImplementation, EmailDelivery
bea7436 
- Adds AccountInfoInput class
  - Updates usages in some functions
- Implements remaining api implementation functions
- Implements EmailDelivery package
- Updates API types to work with email delivery functions
- Splits WebauthnConfig into normalised and input classes
- Adds webauthn utils module
@namsnath
feat: adds recipe and api functions
409b0e0
@namsnath
update: update auth-react django server
5e2a7ca
@namsnath
update: fix circular imports from auth_utils/webauthn
173ce7d
@namsnath
fix: return WebauthnRecipe instance from init
add6404
@namsnath
update: remove __future__ annotations from webauthn
9a282e2
@namsnath
fix: cyclic imports
b126c08 
- Moves auth_utils imports out of type_checking block - this is needed at runtime
- Adds `__future__` annotations to api functions
- Converts config classes to dataclasses
- Adds APIOptions model rebuild to webauthn init file
@namsnath
fix: input config type
5ec1d3d
@namsnath
feat: adds syncify decorator
cd80d8f 
- Exposes a `sync` function to call function synchronously
@namsnath
feat: adds function wrappers
64532a6
@namsnath
fix: user webauthn types, update querier cdi version
a0ae4e8
@namsnath
fix: various issues
8ad9a1b 
- Adds missing `rp_id` to `SignInOptionsPOSTResponse`
- Updates body parsing for `register_options_api` to handle optional fields
- Updates types to match CDI
- Adds defaults for literal types with one option
- Adds `None` defaults for optional types
- Adds serializers for `User` and `RecipeUserId`
- Implements remaining functions from Node SDK
- Changes `config` input in `RecipeImplementation` to be a property rather than a function
- Adds `to_json`/`from_json` calls to (de)serialize various objects for use
- Handles `User` and `RecipeUserId` parsing for models manually
- Adds missing imports
@namsnath
update: creates models in api functions
1ec9e9b
namsnath added 14 commits May 22, 2025 17:55
@namsnath
update: defaults for options APIs
e2b91e5 
- Excludes optional fields from query data
@namsnath
feat: adds webauthn support to backend sdk testing server
4c89dc8
@namsnath
update: removes model validation from server endpoints
5383fda 
- Allows testing for edge-cases
@namsnath
update: removes model validation from api endpoints
f6e5193 
- Lets validation errors come from the core
@namsnath
update: remove dataclasses_json refs
60a360e
@namsnath
update: return error if credential validation fails in API methods
61fe34c
@namsnath
fix: null checks for email
3289e89
@namsnath
fix: adds type ignores
eaaf5f2
@namsnath
fix: recover token flow not being able to find email
24da5f7
@namsnath
feat: auth-react servers
f66f5fb
@namsnath
fix: backend-sdk mock parsing
080ad61 
- update setup version
@namsnath
fix: failing unit-test
6bb6927
@namsnath
update: add backend-sdk server logs
5c98f01
@namsnath
fix: failing unit test
d6590e3
@namsnath namsnath force-pushed the feat/webauthn/base branch from 5778619 to d6590e3 Compare May 22, 2025 12:26
@namsnath namsnath requested review from porcellus and sattvikc May 22, 2025 13:49
sattvikc
sattvikc requested changes May 23, 2025
View reviewed changes
namsnath added 5 commits May 26, 2025 14:12
@namsnath
refactor: review comments
468d4f5 
- Remove functions from `__init__` that are not exposed in Node
- Rename `Api` to `API` (Interface/Implementation)
- Move `UserContext` type alias to common types module
- Move error map util to common utils module
@namsnath
update: match get_origin types with AppInfo implementation
ad03588
@namsnath
feat: adds UTs for Webauthn config
36e4478
@namsnath
update: changelog
3186b11
@namsnath
fix: add missing test function
1841adb
@namsnath namsnath marked this pull request as ready for review May 28, 2025 08:14
@namsnath namsnath requested a review from sattvikc May 28, 2025 08:14
@promptless Promptless
Copy link

promptless bot commented May 28, 2025

📝 Documentation updates detected!

New suggestion: Update WebAuthn/Passkeys documentation for Python SDK support

@namsnath namsnath changed the base branch from 0.29 to 0.30 May 28, 2025 10:12
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@porcellus porcellus Awaiting requested review from porcellus

@sattvikc sattvikc Awaiting requested review from sattvikc

Requested changes must be addressed to merge this pull request.

Assignees

@namsnath namsnath

Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
2 participants
@namsnath @sattvikc