search

corbado / javascript

MIT License
7 stars 2 forks source link

Registering passkey from PasskeyAppend screen on login flow #149

Closed aehnh closed 1 month ago

aehnh commented 4 months ago

Describe the bug Registering passkey from PasskeyAppend screen on login flow doesn't properly register passkey

To Reproduce Steps to reproduce the behavior:

  1. Go to '/auth' on Safari
  2. Create an account without registering passkey
  3. Log out
  4. Log in with email otp
  5. Land on PasskeyAppend screen
  6. Click on 'Activate'
  7. First attempt works so delete passkey and log out
  8. Log in again with the same account and complete the email otp verification
  9. Land on PasskeyAppend screen
  10. Click on 'Activate'
  11. Immediately land on LoggedIn page with no registered passkey

Expected behavior Passkey input should be prompted, and upon success, the passkey should show up in the LoggedIn screen

aehnh commented 4 months ago

Response from server when passkey is properly appended the first time:

{
    "data": {
        "paging": {
            "page": 1,
            "totalItems": 1,
            "totalPages": 1
        },
        "passkeys": [
            {
                "aaguid": "fbfc3007-154e-4ecc-8c0b-6e020557d7bd",
                "attestationType": "none",
                "backupEligible": true,
                "backupState": true,
                "created": "2024-01-23 09:26:23",
                "credentialHash": "wi3X30PLE1SV/FG5dO1cAr5+yJA=",
                "id": "cre-10957278541218297095",
                "lastUsed": "2024-01-23 09:26:23",
                "status": "active",
                "transport": [
                    "internal",
                    "hybrid"
                ],
                "userAgent": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/17.2.1 Safari/605.1.15"
            }
        ]
    },
    "httpStatusCode": 200,
    "message": "OK",
    "requestData": {
        "link": "https://app.corbado.com/pro-3652881945085154854/app/logs/requests/req-4870408127456318461",
        "requestID": "req-4870408127456318461"
    },
    "runtime": 0.09780745
}

Response from server when passkey is not properly added from the second time on:

{
    "data": {
        "paging": {
            "page": 0,
            "totalItems": 0,
            "totalPages": 0
        },
        "passkeys": []
    },
    "httpStatusCode": 200,
    "message": "OK",
    "requestData": {
        "link": "https://app.corbado.com/pro-3652881945085154854/app/logs/requests/req-5553848890997880823",
        "requestID": "req-5553848890997880823"
    },
    "runtime": 0.09498585
}
incorbador commented 1 month ago

fixed with v2