feat: add MFA for WebAuthn #1775
Merged
Conversation
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
J0
commented
Sep 27, 2024
J0
force-pushed
the
j0/add_webauthn
branch
2 times, most recently
from
4bafb15 to
cb1ac2a
Compare
J0
commented
Sep 28, 2024
J0
commented
Sep 28, 2024
Contributor
Author
|
Not quite ready yet, please check back after 12pm CEST tomorrow.. |
hf
reviewed
Sep 30, 2024
Pull Request Test Coverage Report for Build 11293653315Warning: This coverage report may be inaccurate.This pull request's base commit is no longer the HEAD commit of its target branch. This means it includes changes from outside the original pull request, including, potentially, unrelated coverage changes.
Details
💛 - Coveralls |
J0
commented
Oct 1, 2024
hf
reviewed
Oct 3, 2024
Contributor
hf
left a comment
hf
left a comment
There was a problem hiding this comment.
Very good, very close! Thanks!
J0
force-pushed
the
j0/add_webauthn
branch
2 times, most recently
from
c9b18e3 to
cc764cc
Compare
hf
reviewed
Oct 10, 2024
hf
reviewed
Oct 10, 2024
hf
approved these changes
Oct 10, 2024
Contributor
hf
left a comment
hf
left a comment
There was a problem hiding this comment.
Pretty solid. Approving but please consider the points especially about scanning.
Co-authored-by: Stojan Dimitrovski <[email protected]>
J0
commented
Oct 10, 2024
J0
commented
Oct 10, 2024
J0
commented
Oct 10, 2024
J0
commented
Oct 10, 2024
Co-authored-by: Stojan Dimitrovski <[email protected]>
J0
commented
Oct 11, 2024
Contributor
Author
|
Merging first but let's not release until we do a full test with the updated frontend bindings. I will follow up on that front. None of the code below should be active since it's flagged behind |
cstockton
pushed a commit
that referenced
this pull request
Oct 15, 2024
🤖 I have created a release *beep* *boop* --- ## [2.163.0](v2.162.2...v2.163.0) (2024-10-15) ### Features * add mail header support via `GOTRUE_SMTP_HEADERS` with `$messageType` ([#1804](#1804)) ([99d6a13](99d6a13)) * add MFA for WebAuthn ([#1775](#1775)) ([8cc2f0e](8cc2f0e)) * configurable email and sms rate limiting ([#1800](#1800)) ([5e94047](5e94047)) * mailer logging ([#1805](#1805)) ([9354b83](9354b83)) * preserve rate limiters in memory across configuration reloads ([#1792](#1792)) ([0a3968b](0a3968b)) ### Bug Fixes * add twilio verify support on mfa ([#1714](#1714)) ([aeb5d8f](aeb5d8f)) * email header setting no longer misleading ([#1802](#1802)) ([3af03be](3af03be)) * enforce authorized address checks on send email only ([#1806](#1806)) ([c0c5b23](c0c5b23)) * fix `getExcludedColumns` slice allocation ([#1788](#1788)) ([7f006b6](7f006b6)) * Fix reqPath for bypass check for verify EP ([#1789](#1789)) ([646dc66](646dc66)) * inline mailme package for easy development ([#1803](#1803)) ([fa6f729](fa6f729)) --- This PR was generated with [Release Please](https://github.com/googleapis/release-please). See [documentation](https://github.com/googleapis/release-please#release-please). Co-authored-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com>
cemalkilic
pushed a commit
that referenced
this pull request
Aug 7, 2025
## What kind of change does this PR introduce? Adds MFA for WebAuthn and supporting migrations ## What is the current behavior? MFA for Phone and MFA for TOTP is supported ## What is the new behavior? Developers can use MFA For WebAuthn to sign in --------- Co-authored-by: Stojan Dimitrovski <[email protected]>
cemalkilic
pushed a commit
that referenced
this pull request
Aug 7, 2025
🤖 I have created a release *beep* *boop* --- ## [2.163.0](v2.162.2...v2.163.0) (2024-10-15) ### Features * add mail header support via `GOTRUE_SMTP_HEADERS` with `$messageType` ([#1804](#1804)) ([99d6a13](99d6a13)) * add MFA for WebAuthn ([#1775](#1775)) ([8cc2f0e](8cc2f0e)) * configurable email and sms rate limiting ([#1800](#1800)) ([5e94047](5e94047)) * mailer logging ([#1805](#1805)) ([9354b83](9354b83)) * preserve rate limiters in memory across configuration reloads ([#1792](#1792)) ([0a3968b](0a3968b)) ### Bug Fixes * add twilio verify support on mfa ([#1714](#1714)) ([aeb5d8f](aeb5d8f)) * email header setting no longer misleading ([#1802](#1802)) ([3af03be](3af03be)) * enforce authorized address checks on send email only ([#1806](#1806)) ([c0c5b23](c0c5b23)) * fix `getExcludedColumns` slice allocation ([#1788](#1788)) ([7f006b6](7f006b6)) * Fix reqPath for bypass check for verify EP ([#1789](#1789)) ([646dc66](646dc66)) * inline mailme package for easy development ([#1803](#1803)) ([fa6f729](fa6f729)) --- This PR was generated with [Release Please](https://github.com/googleapis/release-please). See [documentation](https://github.com/googleapis/release-please#release-please). Co-authored-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com>
xeladotbe
pushed a commit
to xeladotbe/supabase-auth
that referenced
this pull request
Sep 27, 2025
## What kind of change does this PR introduce? Adds MFA for WebAuthn and supporting migrations ## What is the current behavior? MFA for Phone and MFA for TOTP is supported ## What is the new behavior? Developers can use MFA For WebAuthn to sign in --------- Co-authored-by: Stojan Dimitrovski <[email protected]>
xeladotbe
pushed a commit
to xeladotbe/supabase-auth
that referenced
this pull request
Sep 27, 2025
🤖 I have created a release *beep* *boop* --- ## [2.163.0](supabase/auth@v2.162.2...v2.163.0) (2024-10-15) ### Features * add mail header support via `GOTRUE_SMTP_HEADERS` with `$messageType` ([supabase#1804](supabase#1804)) ([99d6a13](supabase@99d6a13)) * add MFA for WebAuthn ([supabase#1775](supabase#1775)) ([8cc2f0e](supabase@8cc2f0e)) * configurable email and sms rate limiting ([supabase#1800](supabase#1800)) ([5e94047](supabase@5e94047)) * mailer logging ([supabase#1805](supabase#1805)) ([9354b83](supabase@9354b83)) * preserve rate limiters in memory across configuration reloads ([supabase#1792](supabase#1792)) ([0a3968b](supabase@0a3968b)) ### Bug Fixes * add twilio verify support on mfa ([supabase#1714](supabase#1714)) ([aeb5d8f](supabase@aeb5d8f)) * email header setting no longer misleading ([supabase#1802](supabase#1802)) ([3af03be](supabase@3af03be)) * enforce authorized address checks on send email only ([supabase#1806](supabase#1806)) ([c0c5b23](supabase@c0c5b23)) * fix `getExcludedColumns` slice allocation ([supabase#1788](supabase#1788)) ([7f006b6](supabase@7f006b6)) * Fix reqPath for bypass check for verify EP ([supabase#1789](supabase#1789)) ([646dc66](supabase@646dc66)) * inline mailme package for easy development ([supabase#1803](supabase#1803)) ([fa6f729](supabase@fa6f729)) --- This PR was generated with [Release Please](https://github.com/googleapis/release-please). See [documentation](https://github.com/googleapis/release-please#release-please). Co-authored-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com>
issuedat
pushed a commit
that referenced
this pull request
Sep 30, 2025
## What kind of change does this PR introduce? Adds MFA for WebAuthn and supporting migrations ## What is the current behavior? MFA for Phone and MFA for TOTP is supported ## What is the new behavior? Developers can use MFA For WebAuthn to sign in --------- Co-authored-by: Stojan Dimitrovski <[email protected]>
issuedat
pushed a commit
that referenced
this pull request
Sep 30, 2025
🤖 I have created a release *beep* *boop* --- ## [2.163.0](v2.162.2...v2.163.0) (2024-10-15) ### Features * add mail header support via `GOTRUE_SMTP_HEADERS` with `$messageType` ([#1804](#1804)) ([99d6a13](99d6a13)) * add MFA for WebAuthn ([#1775](#1775)) ([8cc2f0e](8cc2f0e)) * configurable email and sms rate limiting ([#1800](#1800)) ([5e94047](5e94047)) * mailer logging ([#1805](#1805)) ([9354b83](9354b83)) * preserve rate limiters in memory across configuration reloads ([#1792](#1792)) ([0a3968b](0a3968b)) ### Bug Fixes * add twilio verify support on mfa ([#1714](#1714)) ([aeb5d8f](aeb5d8f)) * email header setting no longer misleading ([#1802](#1802)) ([3af03be](3af03be)) * enforce authorized address checks on send email only ([#1806](#1806)) ([c0c5b23](c0c5b23)) * fix `getExcludedColumns` slice allocation ([#1788](#1788)) ([7f006b6](7f006b6)) * Fix reqPath for bypass check for verify EP ([#1789](#1789)) ([646dc66](646dc66)) * inline mailme package for easy development ([#1803](#1803)) ([fa6f729](fa6f729)) --- This PR was generated with [Release Please](https://github.com/googleapis/release-please). See [documentation](https://github.com/googleapis/release-please#release-please). Co-authored-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com>
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
What kind of change does this PR introduce?
Adds MFA for WebAuthn and supporting migrations
What is the current behavior?
MFA for Phone and MFA for TOTP is supported
What is the new behavior?
Developers can use MFA For WebAuthn to sign in