Skip to content

fix(auth): add admin passkey toggle#45

Merged
intel352 merged 2 commits into
mainfrom
codex/auth-admin-passkey-toggle
Jun 3, 2026
Merged

fix(auth): add admin passkey toggle#45
intel352 merged 2 commits into
mainfrom
codex/auth-admin-passkey-toggle

Conversation

@intel352
Copy link
Copy Markdown
Contributor

@intel352 intel352 commented Jun 3, 2026

Summary

  • add passkey_auth_enabled/passkey_enabled policy inputs so passkeys can be disabled without clearing WebAuthn RP config
  • expose passkey_auth_enabled in the reusable admin auth config controls
  • extend strict proto contracts and regressions

Verification

  • GOWORK=off go test ./... -count=1
  • GOWORK=off go vet ./...
  • wfctl plugin validate --file plugin.json --strict-contracts
  • PLUGIN_MANIFEST_EXPECT_VERSION=0.0.0 GOWORK=off go test ./internal -run TestIntegration_PluginManifestAndStepTypes -count=1

Copilot AI review requested due to automatic review settings June 3, 2026 07:01
Copilot AI reviewed Jun 3, 2026
View reviewed changes
Copy link
Copy Markdown

Copilot AI left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Pull request overview

Adds an explicit admin/policy toggle to disable passkey authentication without requiring WebAuthn relying party configuration to be cleared, and extends the plugin’s strict proto contracts to include the new inputs.

Changes:

  • Add passkey_auth_enabled / passkey_enabled inputs and treat strict false as a hard disable for passkeys (while still requiring RP config to be present to enable).
  • Expose passkey_auth_enabled as an admin config control and skip RP validation when passkeys are explicitly disabled.
  • Extend protobuf contracts (and generated code) and add/update regression tests and changelog entry.

Reviewed changes

Copilot reviewed 6 out of 7 changed files in this pull request and generated 2 comments.

Show a summary per file
File Description
internal/step_methods_policy.go Adds passkey “configured vs enabled” split and introduces strict-false parsing helpers.
internal/step_methods_policy_test.go Adds regression coverage for disabling passkeys (needs additional cases per review).
internal/step_admin_config.go Exposes passkey toggle in admin controls and bypasses RP validation when disabled.
internal/step_admin_config_test.go Updates admin describe test to include/verify the new toggle control.
internal/contracts/auth.proto Adds optional proto fields for passkey toggle inputs/config.
internal/contracts/auth.pb.go Regenerates Go bindings for the updated proto contracts.
CHANGELOG.md Documents the new passkey toggle behavior.
Files not reviewed (1)
  • internal/contracts/auth.pb.go: Language not supported

💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.

Comment thread internal/step_methods_policy_test.go
Comment thread internal/step_admin_config.go
@intel352 intel352 merged commit 7d21561 into main Jun 3, 2026
6 checks passed
@intel352 intel352 deleted the codex/auth-admin-passkey-toggle branch June 3, 2026 07:13
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

Copilot code review Copilot Copilot left review comments

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@intel352