Skip to content

feat: add prf support#37

Merged
sirily11 merged 1 commit into
mainfrom
feat/webauthn-resident-key-prf
May 2, 2026
Merged

feat: add prf support#37
sirily11 merged 1 commit into
mainfrom
feat/webauthn-resident-key-prf

Conversation

@sirily11
Copy link
Copy Markdown
Contributor

@sirily11 sirily11 commented May 2, 2026

No description provided.

Copilot AI review requested due to automatic review settings May 2, 2026 10:28
@vercel
Copy link
Copy Markdown

vercel Bot commented May 2, 2026
edited
Loading

The latest updates on your projects. Learn more about Vercel for GitHub.

Project Deployment Actions Updated (UTC)
rxlab-auth Ready Ready Preview, Comment May 2, 2026 10:29am

Request Review

@sirily11 sirily11 enabled auto-merge (squash) May 2, 2026 10:28
@autopilot-project-manager autopilot-project-manager Bot added the enhancement New feature or request label May 2, 2026
Copilot AI reviewed May 2, 2026
View reviewed changes
Copy link
Copy Markdown

Copilot AI left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Pull request overview

This PR updates WebAuthn passkey registration option generation to request the PRF extension and to require resident (discoverable) credentials, covering both the shared WebAuthn config helper and the admin registration options endpoint.

Changes:

  • Tighten WebAuthn authenticatorSelection to require resident keys (residentKey: "required" + requireResidentKey: true).
  • Add extensions: { prf: {} } to registration options to enable PRF negotiation.

Reviewed changes

Copilot reviewed 2 out of 2 changed files in this pull request and generated 4 comments.

File Description
lib/webauthn/config.ts Updates shared passkey registration options to require resident keys and request PRF extension.
app/api/admin/passkey/register/options/route.ts Mirrors the same resident-key requirement and PRF extension in the admin registration options endpoint.

💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.

Comment thread lib/webauthn/config.ts
Comment on lines 24 to 27
authenticatorSelection: {
residentKey: "preferred",
residentKey: "required",
requireResidentKey: true,
userVerification: "preferred",
Comment thread app/api/admin/passkey/register/options/route.ts
Comment on lines 51 to +60
authenticatorSelection: {
residentKey: "preferred",
residentKey: "required",
requireResidentKey: true,
userVerification: "preferred",
authenticatorAttachment: "platform",
},
supportedAlgorithmIDs: [-7, -257], // ES256, RS256
extensions: { prf: {} } as Parameters<
typeof generateRegistrationOptions
>[0]["extensions"],
Comment thread lib/webauthn/config.ts
Comment on lines +34 to 35
extensions: { prf: {} } as GenerateRegistrationOptionsOpts["extensions"],
};
Comment thread lib/webauthn/config.ts
Comment on lines +31 to 35
// PRF extension isn't in @simplewebauthn's DOM types yet, but is passed
// through to the client and enables HKDF-based symmetric key derivation
// at authentication time (e.g. for E2EE key wrapping).
extensions: { prf: {} } as GenerateRegistrationOptionsOpts["extensions"],
};
@sirily11 sirily11 merged commit 11b5809 into main May 2, 2026
7 checks passed
@sirily11 sirily11 deleted the feat/webauthn-resident-key-prf branch May 2, 2026 10:34
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

Copilot code review Copilot Copilot left review comments

Assignees

No one assigned

Labels

enhancement New feature or request

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@sirily11