Page MenuHomePhabricator
Create Task
Maniphest T407776

Remove maxKeysPerUser from WebAuthn
Closed, ResolvedPublic
Actions

Description

I believe the WebAuthn config for maxKeysPerUser is basically irrelevant in the multi module world, but did allow multiple keys via webauthn prior to that...

It's an arbitrary low limit of 5 (webauthn) keys that can be registered... so it should just be removed.

Details

Related Changes in Gerrit:
SubjectRepoBranchLines +/-
Drop maxKeysPerUser configmediawiki/extensions/WebAuthnmaster+0 -37
Customize query in gerrit

Related Objects
Search...

StatusSubtypeAssignedTask
 ResolvedMstylesT407859 Add limit to number of 2FA devices
 ResolvedReedyT407776 Remove maxKeysPerUser from WebAuthn

Event Timeline

Reedy created this task.Oct 20 2025, 4:33 PM
Restricted Application added a subscriber: Aklapper. · View Herald TranscriptOct 20 2025, 4:33 PM
gerritbot added a comment.Oct 20 2025, 4:38 PM

Change #1197307 had a related patch set uploaded (by Reedy; author: Reedy):

[mediawiki/extensions/WebAuthn@master] Drop maxKeysPerUser config

https://gerrit.wikimedia.org/r/1197307

gerritbot added a project: Patch-For-Review.Oct 20 2025, 4:38 PM
Reedy added a project: Technical-Debt.Oct 20 2025, 4:39 PM
Reedy mentioned this in T407859: Add limit to number of 2FA devices.Oct 21 2025, 2:11 PM
Reedy added a parent task: T407859: Add limit to number of 2FA devices.
Catrope moved this task from Inbox to Tech debt cleanup on the FY2025-26 WE 4.6 - Account Security (WE 4.6.4 - 2FA improvements and passkey support) board.Oct 21 2025, 4:49 PM
Reedy moved this task from Backlog to Features/Improvements on the MediaWiki-extensions-OATHAuth board.Oct 23 2025, 12:29 AM
Catrope closed this task as Resolved.Nov 6 2025, 8:14 PM
Catrope assigned this task to Reedy.
gerritbot added a comment.Nov 6 2025, 8:42 PM

Change #1197307 merged by jenkins-bot:

[mediawiki/extensions/WebAuthn@master] Drop maxKeysPerUser config

https://gerrit.wikimedia.org/r/1197307

ReleaseTaggerBot added a project: MW-1.46-notes (1.46.0-wmf.2; 2025-11-12).Nov 6 2025, 9:00 PM
Maintenance_bot removed a project: Patch-For-Review.Nov 6 2025, 9:31 PM
Content licensed under Creative Commons Attribution-ShareAlike (CC BY-SA) 4.0 unless otherwise noted; code licensed under GNU General Public License (GPL) 2.0 or later and other open source licenses. By using this site, you agree to the Terms of Use, Privacy Policy, and Code of Conduct. · Wikimedia Foundation · Privacy Policy · Code of Conduct · Terms of Use · Disclaimer · CC-BY-SA · GPL · Credits