Page MenuHomePhabricator
Create Task
Maniphest T410938

Automatically generate passkey name based on AAGUID
Closed, ResolvedPublic
Actions

Description

The passkey creation UI in T410336 does not contain an input for the passkey name, and instead we'll need to automatically generate a name. We should do this based on the AAGUID, which identifies the password manager that created the passkey (and possibly based on other things like which browser was used -- I've asked @EMill-WMF and @KieranMcCann-WMF to decide what these auto-generated names should look like).

  • Figure out how to set up an AAGUID -> user readable name mapping
  • Integrate that into the passkey creation process once T410336 is done

Details

Related Changes in Gerrit:
SubjectRepoBranchLines +/-
Refactor WebAuthn registration to use API endpointmediawiki/extensions/WebAuthnmaster+214 -130
Customize query in gerrit

Related Objects

Event Timeline

Catrope created this task.Nov 24 2025, 6:38 PM
Restricted Application added a subscriber: Aklapper. · View Herald TranscriptNov 24 2025, 6:38 PM
Catrope triaged this task as Medium priority.Nov 24 2025, 6:38 PM
Catrope mentioned this in T410336: Redesign passkey creation form.
Catrope moved this task from Inbox to Passkey Support on the FY2025-26 WE 4.6 - Account Security (WE 4.6.4 - 2FA improvements and passkey support) board.
Reedy moved this task from Backlog to Features/Improvements on the MediaWiki-extensions-OATHAuth board.Dec 1 2025, 6:26 PM
mmartorana added a comment.Dec 8 2025, 6:54 PM

Given the scope, I think it seems reasonable to start with a simple lookup table that maps known AAGUIDs to readable device names (e.g. Google Password Manager, iCloud Keychain, YubiKey 5 Series, etc...). This can be either hardcoded at first, or stored in a small static file. I think that is a good starting point rather than some more complex approach for now.

For unknown AAGUIDs, a possible fallback is to assign a generic label, either something derived from the AAGUID itself (such as a short prefix) or a neutral name like “Passkey on this device.”

We should clarify what UX we prefer for this case.

Catrope mentioned this in T412077: Add API endpoint for creating a passkey.Dec 9 2025, 6:18 AM
Catrope raised the priority of this task from Medium to High.Dec 13 2025, 1:02 AM
gerritbot added a comment.Dec 22 2025, 7:29 PM

Change #1220389 had a related patch set uploaded (by Mmartorana; author: Mmartorana):

[mediawiki/extensions/WebAuthn@master] Refactor WebAuthn registration to use API endpoint

https://gerrit.wikimedia.org/r/1220389

gerritbot added a project: Patch-For-Review.Dec 22 2025, 7:29 PM
gerritbot added a comment.Jan 7 2026, 10:46 PM

Change #1220389 merged by jenkins-bot:

[mediawiki/extensions/WebAuthn@master] Refactor WebAuthn registration to use API endpoint

https://gerrit.wikimedia.org/r/1220389

Maintenance_bot removed a project: Patch-For-Review.Jan 7 2026, 11:31 PM
mmartorana closed this task as Resolved.Jan 8 2026, 5:45 PM
mmartorana updated the task description. (Show Details)Jan 20 2026, 11:19 AM
Reedy mentioned this in T416654: Create script to update KNOWN_AAGUIDS from an upstream.Mar 18 2026, 9:26 PM
Content licensed under Creative Commons Attribution-ShareAlike (CC BY-SA) 4.0 unless otherwise noted; code licensed under GNU General Public License (GPL) 2.0 or later and other open source licenses. By using this site, you agree to the Terms of Use, Privacy Policy, and Code of Conduct. · Wikimedia Foundation · Privacy Policy · Code of Conduct · Terms of Use · Disclaimer · CC-BY-SA · GPL · Credits