8000 Integrate passkeys with separate username and password forms by rmartinc · Pull Request #40371 · keycloak/keycloak · GitHub
[go: up one dir, main page]
More Web Proxy on the site http://driver.im/
Skip to content

Integrate passkeys with separate username and password forms #40371

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Merged
merged 1 commit into from
Jun 25, 2025

Conversation

rmartinc
Copy link
Contributor

Closes #40021

PR to add passkeys to the separate username and password form authenticators. This PR follows the same idea used in the previous issue but it needs two more things:

  1. The flow context adds a new method success(String) to mark the authenticator succeeded and it was used the passed credetial (otp, webauthn, cert, password,...). That type is added to the auth session in an attribute last.authn.credential.
  2. The password authenticator directly successes without waiting for input the password if the passkeys feature is enabled and the previous property is set to passwordless webauthn. That means the username form was authenticated using passkeys and the password step can be skipped.

Tests added in a similar way of the previous PRs.

Closes keycloak#40021

Signed-off-by: rmartinc <rmartinc@redhat.com>
Copy link
@keycloak-github-bot keycloak-github-bot bot left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Unreported flaky test detected, please review

@keycloak-github-bot
Copy link

Unreported flaky test detected

If the flaky tests below are affected by the changes, please review and update the changes accordingly. Otherwise, a maintainer should report the flaky tests prior to merging the PR.

org.keycloak.testsuite.cluster.RealmInvalidationClusterTest#crudWithFailover

Keycloak CI - Store IT (mariadb)

java.lang.RuntimeException: java.lang.IllegalStateException: Keycloak unexpectedly died :(
	at org.keycloak.testsuite.arquillian.containers.KeycloakQuarkusServerDeployableContainer.start(KeycloakQuarkusServerDeployableContainer.java:71)
	at org.jboss.arquillian.container.impl.ContainerImpl.start(ContainerImpl.java:185)
	at org.jboss.arquillian.container.impl.client.container.ContainerLifecycleController$8.perform(ContainerLifecycleController.java:137)
	at org.jboss.arquillian.container.impl.client.container.ContainerLifecycleController$8.perform(ContainerLifecycleController.java:133)
...

Report flaky test

@mposolda mposolda self-assigned this Jun 25, 2025
@mposolda
Copy link
Contributor

@rmartinc Approving, Thanks! There are probably some corner-cases when the behaviour might not be the desired one (For example when usernameForm and passwordForm are not at the same level, but in some different subflows of the authentication flow). But IMO great for now.

@mposolda mposolda merged commit cc7b63c into keycloak:main Jun 25, 2025
76 checks passed
@Romain7495
Copy link
Contributor

Hi @mposolda for the pending change that I proposed 2 weeks ago, the best way is to create a new issue ?

#40371 (review)

@rmartinc
Copy link
Contributor Author

@Romain7495 What change are you referring to?

@Romain7495
Copy link
Contributor

image

image

Maybe you are not seeing it because I am not contributor

@rmartinc
Copy link
Contributor Author

@Romain7495 Yep, create a new issue, I didn't think or test that scenario.

@rmartinc
Copy link
Contributor Author

@Romain7495 I have created #40717, I'll send a PR asap.

@Romain7495
Copy link
Contributor

Sorry I saw your message too late @rmartinc

Thanks!

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Projects
None yet
Development

Successfully merging this pull request may close these issues.

Passkeys conditional UI: integration with independent username and password form
3 participants
0