Page MenuHomePhabricator
Create Task
Maniphest T412077

Add API endpoint for creating a passkey
Closed, ResolvedPublic
Actions

Description

Currently WebAuthn has an api.php endpoint for getting registration info, but key creation is done through an onSubmit handler in WebAuthnAddKeyForm. In order to be able to create passkeys on other pages (which T410336 requires), we need there to be an api.php endpoint for creating a passkey.

This endpoint should be able to create both regular WebAuthn keys ("security keys") and passkeys. It should accept an optional name for the key if it's passed in, or automatically generate one if not (T410938).

Details

Related Changes in Gerrit:
SubjectRepoBranchLines +/-
AddPasskeyDialog: Use new WebAuthn API to create passkeymediawiki/extensions/OATHAuthmaster+17 -41
Refactor WebAuthn registration to use API endpointmediawiki/extensions/WebAuthnmaster+214 -130
Customize query in gerrit

Related Objects
Search...

StatusSubtypeAssignedTask
 ResolvedCatropeT410336 Redesign passkey creation form
 ResolvedmmartoranaT412077 Add API endpoint for creating a passkey

Event Timeline

Catrope created this task.Dec 9 2025, 6:18 AM
Catrope triaged this task as High priority.Dec 13 2025, 1:08 AM
Catrope moved this task from Inbox to Passkey Support on the FY2025-26 WE 4.6 - Account Security (WE 4.6.4 - 2FA improvements and passkey support) board.
gerritbot added a comment.Dec 22 2025, 7:29 PM

Change #1220389 had a related patch set uploaded (by Mmartorana; author: Mmartorana):

[mediawiki/extensions/WebAuthn@master] Refactor WebAuthn registration to use API endpoint

https://gerrit.wikimedia.org/r/1220389

gerritbot added a project: Patch-For-Review.Dec 22 2025, 7:29 PM
gerritbot added a comment.Jan 5 2026, 9:02 PM

Change #1223265 had a related patch set uploaded (by Catrope; author: Catrope):

[mediawiki/extensions/OATHAuth@master] AddPasskeyDialog: Use new WebAuthn API to create passkey

https://gerrit.wikimedia.org/r/1223265

Reedy moved this task from Backlog to Features/Improvements on the MediaWiki-extensions-OATHAuth board.Jan 6 2026, 10:09 PM
gerritbot added a comment.Jan 7 2026, 10:46 PM

Change #1220389 merged by jenkins-bot:

[mediawiki/extensions/WebAuthn@master] Refactor WebAuthn registration to use API endpoint

https://gerrit.wikimedia.org/r/1220389

mmartorana closed this task as Resolved.Jan 8 2026, 5:45 PM
gerritbot added a comment.Jan 8 2026, 6:46 PM

Change #1223265 merged by jenkins-bot:

[mediawiki/extensions/OATHAuth@master] AddPasskeyDialog: Use new WebAuthn API to create passkey

https://gerrit.wikimedia.org/r/1223265

Maintenance_bot removed a project: Patch-For-Review.Jan 8 2026, 7:31 PM
Content licensed under Creative Commons Attribution-ShareAlike (CC BY-SA) 4.0 unless otherwise noted; code licensed under GNU General Public License (GPL) 2.0 or later and other open source licenses. By using this site, you agree to the Terms of Use, Privacy Policy, and Code of Conduct. · Wikimedia Foundation · Privacy Policy · Code of Conduct · Terms of Use · Disclaimer · CC-BY-SA · GPL · Credits