diff --git a/.env.example b/.env.example
index 379dac8..be90849 100644
--- a/.env.example
+++ b/.env.example
@@ -22,7 +22,7 @@ CLIENT_ID=eis_client_dev
CLIENT_SECRET=asd123
# Scopes
-SCOPE=openid idcard mid smartid
+REACT_APP_SCOPE=openid idcard mid smartid
# Response type
RESPONSE_TYPE=code
diff --git a/server/index.js b/server/index.js
index 4c42388..b875df3 100644
--- a/server/index.js
+++ b/server/index.js
@@ -37,7 +37,7 @@ const {
REDIRECT_URL,
SESSION_SECRET,
TOKEN_PATH,
- SCOPE,
+ REACT_APP_SCOPE,
RESPONSE_TYPE,
} = process.env;
@@ -98,31 +98,40 @@ const redirect_uri =
: `https://${HOST}${REDIRECT_URL}`;
// grant auth
-app.use(
- grant({
- defaults: {
- protocol: 'https',
- host: HOST,
- state: true,
- callback: '/auth/callback',
- transport: 'querystring',
+const grantConfig = {
+ defaults: {
+ protocol: 'https',
+ host: HOST,
+ state: true,
+ callback: '/auth/callback',
+ transport: 'querystring',
+ },
+ openid: {
+ authorize_url: ISSUER_URL + AUTH_PATH,
+ access_url: ISSUER_URL + TOKEN_PATH,
+ oauth: 2,
+ key: CLIENT_ID,
+ secret: CLIENT_SECRET,
+ scope: REACT_APP_SCOPE,
+ redirect_uri,
+ response_type: RESPONSE_TYPE,
+ callback: REDIRECT_URL,
+ custom_params: {
+ ui_locales: LOCALE,
},
- openid: {
- authorize_url: ISSUER_URL + AUTH_PATH,
- access_url: ISSUER_URL + TOKEN_PATH,
- oauth: 2,
- key: CLIENT_ID,
- secret: CLIENT_SECRET,
- scope: SCOPE,
- redirect_uri,
- response_type: RESPONSE_TYPE,
- callback: REDIRECT_URL,
- custom_params: {
- ui_locales: LOCALE,
- },
+ }
+};
+
+if (REACT_APP_SCOPE.includes('webauthn')) {
+ grantConfig.openid.scope = REACT_APP_SCOPE.replace(/(?:^|\s)webauthn(?:\s|$)/, ' ').trim();
+ grantConfig.openid.overrides = {
+ webauthn: {
+ scope: REACT_APP_SCOPE,
},
- })
-);
+ };
+ }
+
+app.use(grant(grantConfig));
app.use(helmet());
// api
diff --git a/src/pages/LoginPage/LoginPage.jsx b/src/pages/LoginPage/LoginPage.jsx
index 786ab20..4867561 100644
--- a/src/pages/LoginPage/LoginPage.jsx
+++ b/src/pages/LoginPage/LoginPage.jsx
@@ -5,7 +5,7 @@ import { Button, Container, Icon, Form } from 'semantic-ui-react';
import PropTypes from 'prop-types';
import { MainLayout, MessageModule } from '../../components';
-const { REACT_APP_SERVER_PORT, REACT_APP_URL } = process.env;
+const { REACT_APP_SCOPE, REACT_APP_SERVER_PORT, REACT_APP_URL } = process.env;
const authPath =
process.env.NODE_ENV === 'development'
@@ -48,6 +48,16 @@ function LoginPage({ user, ui }) {
+ {REACT_APP_SCOPE && REACT_APP_SCOPE.includes('webauthn') && (
+
+ )}
diff --git a/src/translations/en.json b/src/translations/en.json
index e2e582d..9fbc057 100644
--- a/src/translations/en.json
+++ b/src/translations/en.json
@@ -2,6 +2,7 @@
"actions.confirm.no": "No",
"actions.confirm.yes": "Yes",
"actions.login": "Sign in",
+ "actions.webauthn-login": "Sign in with a passkey",
"actions.save": "Save",
"app.title": "EIS Registrant portal",
"companies.addresses": "Addresses",
diff --git a/src/translations/et.json b/src/translations/et.json
index d3d9d89..1d8acb2 100644
--- a/src/translations/et.json
+++ b/src/translations/et.json
@@ -2,6 +2,7 @@
"actions.confirm.no": "Ei",
"actions.confirm.yes": "Jah",
"actions.login": "Logi sisse",
+ "actions.webauthn-login": "Logi sisse pääsuvõtmega",
"actions.save": "Salvesta",
"app.title": "EIS Registreerijaportaal",
"companies.addresses": "Aadressid",