Description
This task is about supporting passkeys in the username/password form. The GIF in the attached discussion shows the ideal experience for the end user.
Implementation notes
Issue #24264 addressed "proposal 2" and introduced a new authenticator for passkeys support with just a username field.
This task is about making it possible to integrate with the username/password screen. A few possibilities for how to address this:
- Investigate if FormActionSPI can be used? This SPI is currently used for the registration form. It allows rendering a single form (like the registration form) with separate "form actions" attached to it. If we go this path, we can have something like this in the configuration of the authentication flow to address a use case like "allow to authenticate user with conditional passkey OR with password":
  - Username Password Form REQUIRED
  - Passkeys action ALTERNATIVE
  - Password ALTERNATIVE
- Add something directly into UsernamePasswordForm. I rather vote against it to avoid mixing username/password related logic with WebAuthn/passkeys logic.
- Introduce a separate authenticator (something like PasskeysUsernamePasswordForm?), which would probably be a subclass of UsernamePasswordForm and may have some additional capabilities related to passkeys. This path may involve updating UsernamePasswordForm as well (so it is possible to easily extend from it), but UsernamePasswordForm should not have any WebAuthn/passkeys logic in itself.
My vote of preferred approaches is 1, 3, 2 ATM
Discussion
Motivation
No response
Details
No response