It should be possible to name existing webauthn authenticators. #362

Open
zelch opened this issue Sep 14, 2022 · 0 comments

zelch commented Sep 14, 2022

When a user already has webauthn authenticators set up with Okta, and they have more than one, it would be quite helpful if they could provide names or aliases so that they can select the authenticator that they have on hand.

Expected Behavior

When using an 'unnamed' webauthn authenticator, we should prompt for a name or alias on successful use.

After that, we should include that name or alias when printing the list of possible MFA factors.

Current Behavior

Today, you will have multiple entries like:

Multi-factor Authentication required.
Pick a factor:
[0] webauthn: Authenticator
[1] webauthn: Authenticator

With the suggested behavior, you would instead get something like:

Multi-factor Authentication required.
Pick a factor:
[0] webauthn: Authenticator
[1] webauthn: Desktop Yubikey

Possible Solution

PR incoming.

A further possible enhancement would be to get a list of webauthn devices currently connected, and if there is a single webauthn device matching the list of possible webauthn devices from Okta only list that device.

However, that is definitely a more involved change.

Steps to Reproduce (for bugs)

Register multiple webauthn authenticators through the Okta web interface, attempt to authenticate with gimme-aws-creds, and make a guess as to which option is the authenticator currently plugged in.

Context

Trying to guess which entry is the connected device is a poor experience, and it definitely made me second-guess myself at first.

Your Environment

  • App Version used: Current git HEAD, 9606411
  • Operating System and version:
    MacOS Monterey, Version 12.5.1
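
Added example, not part of the original issue and not gimme-aws-creds code: a sketch of the requested behaviour, storing a local alias per webauthn credential and using it when the factor list is printed. The factor dictionary fields (`type`, `name`, `credential_id`), the alias file and all function names are hypothetical; aliases are reduced to printable characters because they are echoed to the terminal.

```python
import json
import os
import tempfile

def clean_alias(raw, max_len=40):
    """Drop non-printable characters so a stored alias cannot emit terminal escapes."""
    return "".join(ch for ch in raw if ch.isprintable()).strip()[:max_len]

def load_aliases(path):
    """Return {credential_id: alias}; a missing or malformed file means no aliases."""
    try:
        with open(path, encoding="utf-8") as fh:
            data = json.load(fh)
    except (OSError, ValueError):
        return {}
    return {k: v for k, v in data.items() if isinstance(v, str)} if isinstance(data, dict) else {}

def save_alias(path, credential_id, raw_alias):
    """Record an alias after a successful use; the file is created owner-only (0600)."""
    alias = clean_alias(raw_alias)
    if not alias:
        return False
    aliases = load_aliases(path)
    aliases[credential_id] = alias
    fd = os.open(path, os.O_WRONLY | os.O_CREAT | os.O_TRUNC, 0o600)
    with os.fdopen(fd, "w", encoding="utf-8") as fh:
        json.dump(aliases, fh, indent=2)
    return True

def factor_menu(factors, aliases):
    """Build the 'Pick a factor' lines; aliases are re-cleaned in case the file was edited."""
    lines = []
    for index, factor in enumerate(factors):
        name = factor["name"]
        if factor["type"] == "webauthn":
            name = clean_alias(aliases.get(factor["credential_id"], "")) or name
        lines.append(f"[{index}] {factor['type']}: {name}")
    return lines

# Constructed sample data: two webauthn factors that both carry the default label.
SAMPLE_FACTORS = [
    {"type": "webauthn", "name": "Authenticator", "credential_id": "cred-A"},
    {"type": "webauthn", "name": "Authenticator", "credential_id": "cred-B"},
]

if __name__ == "__main__":
    store = os.path.join(tempfile.mkdtemp(), "webauthn_aliases.json")
    save_alias(store, "cred-B", "Desktop Yubikey")
    print("\n".join(factor_menu(SAMPLE_FACTORS, load_aliases(store))))
```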