[rokwire#674] Refactor account auth types (#18)
* add app-env.json and update port
* Update app-env.json
* Update app-env.json
* update detect-secrets, update secrets baseline
* update secrets baseline
* update makefile versioning
* Update Makefile Fix typo
* print version
* upgrade go to v1.20
* fix secrets
* initial webauthn implementation (in progress)
* refactor webauthn to handle credentials, update docs
* avoid creating inaccessible accounts
* fix webauthn registration issues, add webauthn test page
* fix webauthn login flow
* update changelog
* [rokwire#659] WebAuthn authentication (#7)
* initial webauthn implementation (in progress)
* refactor webauthn to handle credentials, update docs
* avoid creating inaccessible accounts
* fix webauthn registration issues, add webauthn test page
* fix webauthn login flow
* update changelog
* fix error handling
* fix login issues for mobile
* upgrade dependencies
* [rokwire#659] webauthn authentication (#8)
* initial webauthn implementation (in progress)
* refactor webauthn to handle credentials, update docs
* avoid creating inaccessible accounts
* fix webauthn registration issues, add webauthn test page
* fix webauthn login flow
* update changelog
* fix error handling
* fix login issues for mobile
* upgrade dependencies
* add webauthn to account check types
* add configs for authenticator selection to supported auth type params
* add configs for authenticator selection to supported auth type params (#10)
* start adding verification types (contains errors) [rokwire#665]
* continue splitting auth and verification types [rokwire#665]
* finish implementing password auth type, start code verification type, add phone verifier interface [rokwire#665]
* finish refactoring identifier, auth types, start updating apis [rokwire#665]
* upgrade dependencies
* finish fixing errors [rokwire#665]
* fix passkey errors [rokwire#665]
* bug fixes, email with passkey not working because no params in email auth type
* update identifier impl and auth impl getters to better handle backwards compatibility (has errors)
* bug fixes, email and passkey not completing registration
* add json omitempty tags to credential structs
* better identifier type parsing
* passkeys using email and username identifiers working
* start fixing phone, passkey auth
* bug fixes for phone and passkey, better error messages
* simplify phone verifier interface
* phone auth type link working, add authCommunicationChannel interface to handle verification functions
* add ability to link webauthn credentials to accounts
* only set username if empty
* Change messages handling for verification
* remove commented blocks
* cleanup
* return verified auth types when cannot find account with username but not identifier
* bug fixes
* fix phone auth type docs
* make sure usernames are lowercase, do not fail if phone verifier fails to init
* start refactoring account auth types into account auth types and account identifiers, do not store identifiers in credentials (contains errors)
* more progress, identifier type and auth type simplifications
* read email verification settings from config, refactor verify credential APIs to verify identifier
* build error fixes, add account identifier storage operations
* start preparing for multiple credentials of same type (e.g., passkeys)
* some progress implementing passkey with identifier flow
* rewrite passkey flows
* build error cleanup, start moving account external IDs into identifiers, refactor shared profile stuff
* start fixing shared profiles
* comment shared profile functionality
* update API docs for linking auth types and identifiers, more error fixes
* more API doc tweaks, more error fixes, remove all uses of claims.UID
* more link and unlink request body tweaks
* do not store account auth type ID in login session, instead use identifier to get account
* start working on link account auth type implementation updates
* more link auth type updates
* finish implementing link identifier, some code auth type bug fixes
* match LinkAccountIdentifier interface definition
* fix remaining build errors, begin implementing DB migration
* add support for login using external identifiers, update more request body definitions
* identifiers bug fixes, fix build errors
* update db indexes
* start implementing db migration
* do not allow generic oidc auth type code - no specified identity provider
* implement app org and auth type migrations
* credentials migration working, use json convert utils func
* login session migration done
* accounts migration done, a few bug fixes related to external IDs
* move migration functions into separate file
* more bug fixes, accountAuthTypesToDef not working
* email and phone login fixes, finish implementing identifier-less login
* bug fixes
* linking, unlinking bug fixes
* more linking, unlinking bug fixes and identifier verification email bug fixes
* username login, webauthn backwards compatible login bug fixes
* fix identifier-less webauthn login, update canLink
* fix passkey sign up
* return account on webauthn signup
* make OIDC ID tokens optional
* add sign-in-options API, update login API to accept account identifier ID
* finish implementing sign in options and login with identifier ID
* mask email and phone identifiers for sign in options, add regexp to validate emails
* clean up linking, unlinking
* fix unlink examples, sign in options fix, handle nil identifier when linking
* upgrade dependencies, set username in token claims
* use error statuses for auth type and identifier linking
* allow webauthn credentials to be created after account already exists
* update changelog
* updates and fixes for conde_oidc, started refactoring email and phone from profile, username from account into identifiers
* fix build errors
* start handling external email identifiers
* implement profile email and phone and account username migrations
* set sensitive flags for email and phone migrations
* finish implementing identifier sensitive field, return profile email, phone and username for BC
* disallow updating account username to empty string
* add sensitive field to account identifier api model
* bug fixes
* mark email as external if it matches external email field
* usernames verified by default, identifiers used to sign up with webauthn unverified by default
* auth type unlink bug fixes
* simplify link auth type transaction, add app type identifier to webauthn aat params
* fix link docs example
* return identifiers on auth type link and unlink
* improve external identifier migration, add IsEmailVerified flag
* do not change email sensitivity on update external identifiers
* remove API docs comment
* fix go mod

---------

Co-authored-by: Stephen Hurwit <[email protected]>
Co-authored-by: Stephen Hurwit <[email protected]>
Co-authored-by: akshadpai <[email protected]>