
feat: webauthn #583


Open: wants to merge 51 commits into base: 0.30


@namsnath namsnath (Contributor) commented Apr 23, 2025

Summary of change

Adds Webauthn (Passkeys) support

  • Adds Webauthn recipe with support for:
    • Registration, sign-in, and credential verification flows
    • Account recovery
  • Adds new API endpoints for WebAuthn operations:
    • GET /api/webauthn/email/exists - Check if email exists in system
    • POST /api/webauthn/options/register - Handle registration options
    • POST /api/webauthn/options/signin - Handle sign-in options
    • POST /api/webauthn/signin - Handle WebAuthn sign-in
    • POST /api/webauthn/signup - Handle WebAuthn sign-up
    • POST /api/user/webauthn/reset - Handle account recovery
    • POST /api/user/webauthn/reset/token - Generate recovery tokens
  • Adds WebAuthn support to account linking functionality:
    • Support for linking users based on WebAuthn credential_id
    • Updates AccountInfo type to AccountInfoInput with WebAuthn fields
    • Adds has_same_webauthn_info_as method for credential comparison
  • Adds FDI support for version 4.1
  • Recipe functions are directly importable from the Webauthn recipe module
    ```python
    from supertokens_python.recipe.webauthn import sign_in

    await sign_in(...)  # Async
    sign_in.sync(...)  # Sync
    ```

Breaking Changes

  • Updates supported CDI version from 5.2 to 5.3
  • Changes AccountInfo to AccountInfoInput in various methods
    • This is required to allow querying by a single Webauthn credential_id, while the Webauthn login method contains an array of credential_ids
    • Affected functions:
      • supertokens_python.asyncio.list_users_by_account_info
      • supertokens_python.syncio.list_users_by_account_info
      • supertokens_python.recipe.accountlinking.interface.RecipeInterface.list_users_by_account_info
      • supertokens_python.recipe.accountlinking.recipe_implementation.RecipeImplementation.list_users_by_account_info

Related issues

Test Plan

(Write your test plan here. If you changed any code, please provide us with clear instructions on how you verified your changes work. Bonus points for screenshots and videos!)

Documentation changes

(If relevant, please create a PR in our docs repo, or create a checklist here highlighting the necessary changes)

Checklist for important updates

  • Changelog has been updated
  • coreDriverInterfaceSupported.json file has been updated (if needed)
    • Along with the associated array in supertokens_python/constants.py
  • frontendDriverInterfaceSupported.json file has been updated (if needed)
  • Changes to the version if needed
    • In setup.py
    • In supertokens_python/constants.py
  • Have installed and run the pre-commit hook
  • Issue this PR against the latest non-released version branch.
    • To know which one it is, find the latest released tag (git tag) in the format vX.Y.Z, and then find the latest branch (git branch --all) whose X.Y is greater than the latest released tag.
    • If no such branch exists, then create one from the latest released branch.
  • If you have added a new web framework, update the supertokens_python/utils.py file to include that in the FRAMEWORKS variable
  • If added a new recipe that has a User type with extra info, then be sure to change the User type in supertokens_python/types.py
  • Make sure that syncio / asyncio functions are consistent.
  • If access token structure has changed
    • Modified test in tests/sessions/test_access_token_version.py to account for any new claims that are optional or omitted by the core

Remaining TODOs for this PR
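
Added example, not part of the PR and not the SDK's implementation: a simplified sketch of why the query type carries a single credential_id while a stored WebAuthn login method carries an array, and why unset fields must never match during account-linking lookups. The class fields, the `LoginMethod` stand-in, the intersection semantics and the sample data are assumptions made for illustration.

```python
from dataclasses import dataclass, field
from typing import List, Optional


@dataclass
class AccountInfoInput:
    """Query side: at most ONE credential id (stand-in; field names assumed)."""
    email: Optional[str] = None
    webauthn_credential_id: Optional[str] = None


@dataclass
class LoginMethod:
    """Stored side: a WebAuthn login method may hold SEVERAL credential ids."""
    recipe_user_id: str
    email: Optional[str] = None
    webauthn_credential_ids: List[str] = field(default_factory=list)

    def has_same_email_as(self, query: AccountInfoInput) -> bool:
        # Two unset emails must not compare equal (None == None would link strangers).
        return bool(query.email) and query.email == self.email

    def has_same_webauthn_info_as(self, query: AccountInfoInput) -> bool:
        # Exact membership test; an unset or empty id is never a wildcard.
        cred = query.webauthn_credential_id
        return bool(cred) and cred in self.webauthn_credential_ids


def list_users_by_account_info(methods, query):
    """Return recipe user ids matching EVERY field set in the query
    (intersection semantics are an assumption of this sketch)."""
    checks = []
    if query.email is not None:
        checks.append(LoginMethod.has_same_email_as)
    if query.webauthn_credential_id is not None:
        checks.append(LoginMethod.has_same_webauthn_info_as)
    if not checks:
        return []  # an empty query matches nobody, not everybody
    return [m.recipe_user_id for m in methods if all(c(m, query) for c in checks)]


# Constructed sample data, not taken from the PR.
SAMPLE = [
    LoginMethod("u1", "alice@example.com", ["cred-A", "cred-B"]),
    LoginMethod("u2", "bob@example.com", ["cred-C"]),
    LoginMethod("u3", "carol@example.com"),  # no passkey registered
]
```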

@namsnath namsnath self-assigned this May 5, 2025
@namsnath namsnath force-pushed the feat/webauthn/base branch from 385d297 to 76169e2 Compare May 9, 2025 13:40
namsnath added 28 commits May 22, 2025 17:55
- Requires changes to make types compatible with older objects
- Uses dataclasses
- Makes types compatible with webauthn
- Moves `types` module to `types/base.py`
  - Re-exported from `types.base` to maintain backward compatibility
- Updates imports for `types` module
- Moves response classes to `types/response.py`
- Uses a common type for all kwargs
- Uses specific types for various code paths
- Adds additional checks for input types
- Pending: Update utils used in the endpoint
- Removes `dataclasses-json` dep
- Adds AccountInfoInput class
  - Updates usages in some functions
- Implements remaining api implementation functions
- Implements EmailDelivery package
- Updates API types to work with email delivery functions
- Splits WebauthnConfig into normalised and input classes
- Adds webauthn utils module
- Moves auth_utils imports out of type_checking block - this is needed at runtime
- Adds `__future__` annotations to api functions
- Converts config classes to dataclasses
- Adds APIOptions model rebuild to webauthn init file
- Exposes a `sync` function to call function synchronously
- Adds missing `rp_id` to `SignInOptionsPOSTResponse`
- Updates body parsing for `register_options_api` to handle optional fields
- Updates types to match CDI
- Adds defaults for literal types with one option
- Adds `None` defaults for optional types
- Adds serializers for `User` and `RecipeUserId`
- Implements remaining functions from Node SDK
- Changes `config` input in `RecipeImplementation` to be a property rather than a function
- Adds `to_json`/`from_json` calls to (de)serialize various objects for use
- Handles `User` and `RecipeUserId` parsing for models manually
- Adds missing imports
@namsnath namsnath force-pushed the feat/webauthn/base branch from 5778619 to d6590e3 Compare May 22, 2025 12:26
@namsnath namsnath requested review from porcellus and sattvikc May 22, 2025 13:49
namsnath added 5 commits May 26, 2025 14:12
- Remove functions from `__init__` that are not exposed in Node
- Rename `Api` to `API` (Interface/Implementation)
- Move `UserContext` type alias to common types module
- Move error map util to common utils module
@namsnath namsnath marked this pull request as ready for review May 28, 2025 08:14
@namsnath namsnath requested a review from sattvikc May 28, 2025 08:14

promptless bot commented May 28, 2025

📝 Documentation updates detected!

New suggestion: Update WebAuthn/Passkeys documentation for Python SDK support

@namsnath namsnath changed the base branch from 0.29 to 0.30 May 28, 2025 10:12