Skip to content

SDKS-5212 Add preferImmediatelyAvailableCredentials option to FIDO authentication#173

Open
george-bafaloukas-forgerock wants to merge 3 commits into
developfrom
fido-prefer-immediately-available-credentials
Open

SDKS-5212 Add preferImmediatelyAvailableCredentials option to FIDO authentication#173
george-bafaloukas-forgerock wants to merge 3 commits into
developfrom
fido-prefer-immediately-available-credentials

Conversation

@george-bafaloukas-forgerock

Copy link
Copy Markdown
Contributor

JIRA Ticket

SDKS-5212

Description

Adds a preferImmediatelyAvailableCredentials option to FIDO authentication, restricting the ceremony to locally-available credentials (no QR / nearby-device fallback), matching the legacy FRWebAuthnManager.signInWith(preferImmediatelyAvailableCredentials:) behavior.

Exposed on:

  • Fido.authenticate (core)
  • FidoAuthenticationCollector.authenticate (DaVinci)
  • FidoAuthenticationCallback.authenticate (Journey)

Defaults to false to preserve existing behavior. When true, the security-key (cross-platform) request is not built, since a hardware key can never be "immediately available" on the local device, and performRequests(options: .preferImmediatelyAvailableCredentials) is used to suppress the QR/nearby-device fallback UI.

Also includes an unrelated pre-existing bug fix (request.displayName = options.user.displayName in createPlatformRequest) so the WebAuthn Registration Node's configured display name is shown during passkey creation instead of falling back to the username.

Sample app (FidoAuthenticationCallbackView/FidoAuthenticationCollectorView) exposes the new option via a "Local credentials only" toggle.

Checklist:

  • I ran all unit tests and they pass
  • I added test case coverage for my changes

…thentication

Restricts the FIDO authentication ceremony to locally-available credentials
(no QR / nearby-device fallback), matching the legacy FRWebAuthnManager
behavior. Exposed on Fido.authenticate, FidoAuthenticationCollector.authenticate
(DaVinci), and FidoAuthenticationCallback.authenticate (Journey); defaults to
false to preserve existing behavior.

Co-Authored-By: Claude Sonnet 5 <noreply@anthropic.com>

@vahancouver vahancouver left a comment

Copy link
Copy Markdown
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM

Falls back to options.user.name only when displayName is empty, matching
request.displayName which already used displayName unconditionally.

Co-Authored-By: Claude Sonnet 5 <noreply@anthropic.com>

@spetrov spetrov left a comment

Copy link
Copy Markdown
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM! 👍🏻

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Development

Successfully merging this pull request may close these issues.

4 participants