wultra / powerauth-server

PowerAuth Server component is the back-end counterpart of PowerAuth Mobile SDK that holds device registrations and verifies MFA signatures.
GNU Affero General Public License v3.0

Allow fetching assertion challenge related to existing operation #1375

Closed petrdvorak closed 2 months ago

petrdvorak commented 7 months ago

Currently, combining multiple means of authentication on the web could result in multiple operations being created. We should allow requesting a FIDO2 assertion challenge with the provided operation ID, so as to avoid this duplication.

banterCZ commented 2 months ago

Add optional operationId to POST /fido2/assertions/challenge. If filled, we load the operation instead of creating a new one.

kopovan commented 2 months ago

I work with the table: SELECT * FROM public.pa_operation ORDER BY timestamp_created DESC. I retrieve the ID and call the endpoint with operationId — no new record is created in the table. I call the endpoint without operationId — a new record is created in the table.