SO878 Step 3: Finalize settings and user experience
Closed, Resolved · Public

Description

Objective: The user experience using WebAuthn is smooth and seamless. Also, users can
enable and disable the method.
The following functions are the result of this project phase:

  • User setting to enable WebAuthn
  • Integration of necessary form fields in login and registration form
  • Configuration variables on the server side to customize WebAuthn

Details

Related Gerrit Patches:
mediawiki/extensions/OATHAuth : master - UI upgrade

Event Timeline

Osnard created this task. · Mar 13 2019, 2:09 PM
Restricted Application added a subscriber: Aklapper. · Mar 13 2019, 2:09 PM

Change 527089 had a related patch set uploaded (by ItSpiderman; owner: ItSpiderman):
[mediawiki/extensions/OATHAuth@master] UI upgrade

https://gerrit.wikimedia.org/r/527089

Reedy added a subscriber: Reedy. · Edited · Aug 7 2019, 5:01 PM

^ to show the re-introduction of the empty "available" section. And below is how it currently is in master

Reedy added a comment. · Edited · Aug 7 2019, 5:09 PM

As mentioned in T226056 too... I wonder if we should have some sort of non-technical/"layman's" description?

And I guess in the totp case... Some sort of mobile app suggestion/recommendations?

FB/Google examples:

Re-introduction of empty "Available methods" section is now fixed

One minor niggle, but I'm guessing it's due to the existence of the button and the text... Is that "TOTP (one-time token)" is slightly higher than "Two-factor authentication:"

Not going to block the merge on it though

Change 527089 merged by jenkins-bot:
[mediawiki/extensions/OATHAuth@master] UI upgrade

https://gerrit.wikimedia.org/r/527089

TheDJ added a subscriber: TheDJ. · Sep 9 2019, 10:07 AM

I like this improvement a lot! The messages do indeed still need some work.

I was looking at the screenshot of FB by Reedy and was wondering if we too should consider making the recovery codes a separate method? Might make more sense.

Reedy added a comment. · Sep 9 2019, 1:01 PM

> I like this improvement a lot! The messages do indeed still need some work.

Patches welcome ;)

> I was looking at the screenshot of FB by Reedy and was wondering if we too should consider making the recovery codes a separate method? Might make more sense.

Could be an interesting thing to do. Because the WebAuthn method technically has no recovery method... Beyond allowing multiple devices/keys

Seems worth filing it as a separate task, as it's possibly out of scope for this