dkam/clinch
1
0
Fork 0
Code Issues 7 Pull Requests Actions Packages Projects Releases Wiki Activity

Add passkey option on TOTP page and auto-trigger passkey for TOTP users

Browse Source 
When a user has both passkeys and TOTP configured, auto-trigger the
passkey flow on login to save them from the password→TOTP path. Also
add a "Use Passkey Instead" button on the TOTP verification page as
an escape hatch for users who end up there.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
This commit is contained in:
Dan Milne
2026-03-05 23:09:01 +11:00
parent 9dbde8ea31
commit c5898bd9a4
4 changed files with 38 additions and 3 deletions
Download Patch File Download Diff File Expand all files Collapse all files

9
app/javascript/controllers/webauthn_controller.js
View File

@@ -49,8 +49,9 @@ export default class extends Controller {
}
});
// Auto-trigger passkey authentication if required
if (data.requires_webauthn) {
// Auto-trigger passkey authentication if required, or if user has both
// webauthn and TOTP (to save them from the password→TOTP flow)
if (data.requires_webauthn || (data.has_webauthn && data.has_totp)) {
setTimeout(() => this.authenticate(), 100);
}
} else {
@@ -289,6 +290,10 @@ export default class extends Controller {
if (!emailInput) {
emailInput = document.querySelector('input[name="user[email_address]"]');
}
// Fallback to hidden webauthn_email field (e.g., on TOTP verification page)
if (!emailInput) {
emailInput = document.querySelector('input[name="webauthn_email"]');
}
return emailInput ? emailInput.value.trim() : "";
}