Maniphest T393251

Support WebAuthn second factor login on Wikimedia Android app
Open, Needs TriagePublic
Actions

Assigned To

None

Authored By

	Tgr
	May 3 2025, 10:53 AM

Tags

Referenced Files

None

Subscribers

Description

WebAuthn will eventually replace TOTP as the recommended 2FA method, as it's more secure and easier to use.

Android has dedicated logic for TOTP-based 2FA, and I imagine it likewise needs dedicated logic for WebAuthn-based 2FA.

Currently for users who have chosen WebAuthn, the clientlogin API will return a WebAuthnAuthenticationRequest after the password entry, rather than a TOTPAuthenticationRequest. The workflow might change slightly after T242031: Allow multiple different 2FA devices is finished.

Related Objects
Search...

		Status	Subtype	Assigned	Task
		Open		None	T396400 [Epic] Improvements to Authentication workflows
		Open		None	T393251 Support WebAuthn second factor login on Wikimedia Android app

Event Timeline

Tgr created this task.May 3 2025, 10:53 AM

Restricted Application added a subscriber: Aklapper. · View Herald TranscriptMay 3 2025, 10:53 AM

Tgr added a parent task: T242031: Allow multiple different 2FA devices.May 3 2025, 10:54 AM

Reedy moved this task from Backlog to User Experience on the MediaWiki-extensions-OATHAuth board.May 3 2025, 2:04 PM

Dbrant moved this task from Needs Triage to Product Backlog on the Wikipedia-Android-App-Backlog board.May 20 2025, 4:13 PM

Dupe of T230043: Add WebAuthn support to Mobile apps?

Dbrant added a parent task: T396400: [Epic] Improvements to Authentication workflows.Jun 17 2025, 4:13 PM

Tgr mentioned this in T399654: Ensure Mobile Apps are supported with 2FA changes.Jul 31 2025, 5:38 PM

Tgr removed a parent task: T242031: Allow multiple different 2FA devices.Aug 1 2025, 3:18 PM

Nictitate subscribed.Jan 11 2026, 9:37 PM