Page MenuHomePhabricator
Create Task
Maniphest T410332

Backend support for UV passkeys
Closed, ResolvedPublic
Actions

Description

We want to enable users to register passkeys with user verification, initially just for use as a second factor, but later for passwordless login as well. We'll need the following initial backend changes to enable the rest of the work:

  • A feature flag to enable/disable this new passkeys feature
  • Add a field to WebAuthnKey that flags whether the key was created as a passkey that supports passwordless login, and make sure this field is persisted in the database (by adding it to jsonSerialize())
  • Add a supportsPasswordlessLogin() method to AuthKey, and make it return true for WebAuthnKeys that have the passwordless flag

Details

Related Changes in Gerrit:
SubjectRepoBranchLines +/-
Add field for supportsPasswordlessmediawiki/extensions/WebAuthnmaster+48 -1
Add feature flags for new passkey featuresmediawiki/extensions/OATHAuthmaster+4 -0
Add supportsPasswordlessLogin to AuthKeymediawiki/extensions/OATHAuthmaster+8 -1
Customize query in gerrit

Event Timeline

Catrope created this task.Nov 17 2025, 10:53 PM
Restricted Application added a subscriber: Aklapper. · View Herald TranscriptNov 17 2025, 10:53 PM
Catrope moved this task from Inbox to Passkey Support on the FY2025-26 WE 4.6 - Account Security (WE 4.6.4 - 2FA improvements and passkey support) board.Nov 17 2025, 10:53 PM
Reedy moved this task from Backlog to Features/Improvements on the MediaWiki-extensions-OATHAuth board.Nov 17 2025, 10:58 PM
Catrope triaged this task as High priority.Nov 17 2025, 11:20 PM
gerritbot added a comment.Nov 18 2025, 9:43 PM

Change #1206963 had a related patch set uploaded (by Mstyles; author: Mstyles):

[mediawiki/extensions/OATHAuth@master] Add feature flags for new passkey features

https://gerrit.wikimedia.org/r/1206963

gerritbot added a project: Patch-For-Review.Nov 18 2025, 9:43 PM
gerritbot added a comment.Nov 19 2025, 3:10 AM

Change #1207006 had a related patch set uploaded (by Mstyles; author: Mstyles):

[mediawiki/extensions/OATHAuth@master] Add supportsPasswordlessLogin to AuthKey

https://gerrit.wikimedia.org/r/1207006

gerritbot added a comment.Nov 19 2025, 3:16 AM

Change #1207007 had a related patch set uploaded (by Mstyles; author: Mstyles):

[mediawiki/extensions/WebAuthn@master] Add field for supportsPasswordless

https://gerrit.wikimedia.org/r/1207007

gerritbot added a comment.Nov 19 2025, 9:04 PM

Change #1207006 merged by jenkins-bot:

[mediawiki/extensions/OATHAuth@master] Add supportsPasswordlessLogin to AuthKey

https://gerrit.wikimedia.org/r/1207006

gerritbot added a comment.Nov 19 2025, 9:08 PM

Change #1206963 merged by jenkins-bot:

[mediawiki/extensions/OATHAuth@master] Add feature flags for new passkey features

https://gerrit.wikimedia.org/r/1206963

Catrope assigned this task to Mstyles.Nov 19 2025, 9:09 PM
Catrope updated the task description. (Show Details)
ReleaseTaggerBot added a project: MW-1.46-notes (1.46.0-wmf.4; 2025-11-25).Nov 19 2025, 10:00 PM
gerritbot added a comment.Nov 20 2025, 9:46 PM

Change #1207007 merged by jenkins-bot:

[mediawiki/extensions/WebAuthn@master] Add field for supportsPasswordless

https://gerrit.wikimedia.org/r/1207007

Mstyles closed this task as Resolved.Nov 20 2025, 9:49 PM
Mstyles updated the task description. (Show Details)
Maintenance_bot removed a project: Patch-For-Review.Nov 20 2025, 10:31 PM
Content licensed under Creative Commons Attribution-ShareAlike (CC BY-SA) 4.0 unless otherwise noted; code licensed under GNU General Public License (GPL) 2.0 or later and other open source licenses. By using this site, you agree to the Terms of Use, Privacy Policy, and Code of Conduct. · Wikimedia Foundation · Privacy Policy · Code of Conduct · Terms of Use · Disclaimer · CC-BY-SA · GPL · Credits