Page MenuHomePhabricator
Create Task
Maniphest T393329

Support WebAuthn second factor login on Wikimedia Commons app
Open, Needs TriagePublic
Actions

Description

NOTE: This is the placeholder, the Commons app doesn't seem to use Phabricator. Github issue: commons-app/apps-android-commons#6305

WebAuthn will eventually replace TOTP as the recommended 2FA method, as it's more secure and easier to use.

The Commons app has dedicated logic for TOTP-based 2FA, and I imagine it likewise needs dedicated logic for WebAuthn-based 2FA.

Currently for users who have chosen WebAuthn, the clientlogin API will return a WebAuthnAuthenticationRequest after the password entry, rather than a TOTPAuthenticationRequest. The workflow might change slightly after T242031: Allow multiple different 2FA devices is finished.

Related Objects

Content licensed under Creative Commons Attribution-ShareAlike (CC BY-SA) 4.0 unless otherwise noted; code licensed under GNU General Public License (GPL) 2.0 or later and other open source licenses. By using this site, you agree to the Terms of Use, Privacy Policy, and Code of Conduct. · Wikimedia Foundation · Privacy Policy · Code of Conduct · Terms of Use · Disclaimer · CC-BY-SA · GPL · Credits