Open ptr1120 opened 8 months ago
Hi @ptr1120,
The authenticator extends WebAuthnPasswordlessAuthenticator
and If the username is empty, it calls super.action(context)
, meaning it follows the logic defined there.
If you want to customize this behavior, you can change the if clause and check whether the user has selected a WebAuthn mechanism. For example, you can validate if you have some of these parameters in the request:
https://github.com/keycloak/keycloak/blob/main/services/src/main/java/org/keycloak/authentication/authenticators/browser/WebAuthnAuthenticator.java#L151
Hello @embesozzi , thank you, but the username is not empty
, it is null
. You can try with just clicking on "Sign in" without entering a username.
Hello, thanks for providing this user friendly Keycloak authenticator. I set up my authentication flow using the WebAuthnConditionalAuthenticator and tested it using different scenarios. Thereby I noticed the user can click on "Sign in" without entering a username, which results in a NullPointerException
Is there a workaround or can the username somehow be validated?