PoC adding passkey from dashboard

[lmuntaner]

Motivation

Proof Of Concept to add a passkey from the dashboard.

UX Flow

NOTE: This is not final yet - failing to create the passkey on the new device leaves a temporary key visible on the dashboard. The new device does not automatically login after creating the passkey yet (this is a browser API limitation and needs a major workaround). Styling is preliminary.

Changes

• Add feature flag CROSS_DEVICE_PASSKEYS
• Add flag-gated frontend functionality to add passkey on new client device
• Add new client device flow under /flow/
• Add backend query method to poll for the tentative device having been verified
• Add basic styling for new flows

Tests

• Added new passkey using the new flow

[sea-snake]

This should be changed back to false 😅

(Probably also why e2e tests are failing)

[lmuntaner]

Oops 🙈

[lmuntaner]

Looking good, thanks!

[lmuntaner]

I guess this doesn't need to be here? hehe

[LXIF]

No idea what this is, removing it.

[lmuntaner]

What principal does it return? Why not returning Ok: false if there is any error?

[LXIF]

I would consider Ok: false an antipattern. The whole point of Result is to use Ok for an error-free state and Err for errors. The principal returned is just the user's principal - I didn't come up with this, just using the error I get from the internal function. We can of course return something like Err: Unauthorized.

Apart from all that, Ok: false is already used for when it is not yet verified. Arguably there is still an issue there because this call fails as long as it is not yet verified.

[lmuntaner]

I'd say Err: Unauthorized makes sense as well, in another PR.

[LXIF]

That's what I implemented now roughly:
pub enum AuthnMethodVerifiedPollError { Unauthorized, }

[lmuntaner]

Don't yuo need to add "query" at the end to make it a query?

[LXIF]

done ✅

[lmuntaner]

Why call it it poll_for? This is not polling, is it?

Maybe has_tentative_device_registrations?

[LXIF]

Yes, we are polling.

[sea-snake]

I get the idea, but the method itself isn't actually going to poll anything once you call it, the frontend is actually doing the polling by repeatedly calling the method. This method could just as well be triggered by user interaction e.g. Refresh button instead of polling.

On another note, see the updated sequence diagram in Slack that includes this particular detail now and let me know if there's anything unclear/needs changes over there :D

[LXIF]

@sea-snake It polls exactly once 🤷🏻‍♂️ But if it's important to both of you we can rename it of course

[LXIF]

done ✅

[lmuntaner]

Doesn't this mean that all users won't see the "Add" button to link a Google account?

[LXIF]

No, it doesn't. This means you see the "Add" button if either:

• You have no google account linked
  OR
• The feature flag for cross device passkeys is enabled AND you have less than 8 authentication methods. (I think this should actually be 10, updating this)

[lmuntaner]

#pollForVerified is a number to clear the interval, should ca call it pollForVerifiedIntervalId?

And I'd rather use setTimeout to make sure we don't accumulate calls. Update calls can take a long time and might be longer than the interval.

[LXIF]

These are query calls. But yes, we can use a timeout pattern.

[LXIF]

done ✅

[lmuntaner]

I think you can do:

const { name } = await get(sessionStore).actor.identity_info(identityNumber).catch(throwCanisterError);

Isn't this how you intended to be used @sea-snake ?

[LXIF]

It's with .then but yes that works

[sea-snake]

To be precise, it's.then(throwCanisterError) instead of .catch(throwCanisterError).

And yes, the intend was to unwrap the Rust result type and throw an error if an Err value is present.

[LXIF]

done ✅

[lmuntaner]

Should we do a check before instead of using ! here?

[LXIF]

I don't think it's a problem but why not

[lmuntaner]

We don't control how it will break if it breaks. Can be done in another PR.

[LXIF]

Already fixed.

[lmuntaner]

Ditto above on how to use throwCanisterError

[LXIF]

done ✅

[lmuntaner]

ditto no !

[LXIF]

I don't think it's a problem but why not

[LXIF]

done ✅

[graphite-app]

The code assumes user is always present and valid, which could cause runtime errors if the parameter is missing or invalid. Consider adding validation before passing to BigInt():

const userParam = page.url.searchParams.get("user");
if (!userParam || isNaN(Number(userParam))) {
  // Handle error case - perhaps redirect or show error message
}
const flow = new AddPasskeyFlow(BigInt(userParam));

This would prevent uncaught exceptions when the URL is malformed or manually entered without the required parameter.

Suggested change

	const user = page.url.searchParams.get("user");
	const flow = new AddPasskeyFlow(BigInt(user!));
	const userParam = page.url.searchParams.get("user");
	if (!userParam || isNaN(Number(userParam))) {
	// Handle error case - perhaps redirect or show error message
	throw new Error("Invalid or missing user parameter");
	}
	const flow = new AddPasskeyFlow(BigInt(userParam));

Spotted by Diamond

Is this helpful? React 👍 or 👎 to let us know.

[LXIF]

Done ✅

[graphite-app]

The polling method lacks proper error handling when the maximum polling attempts are reached. Currently, if counter reaches maxCount (1000), the promise neither resolves nor rejects, potentially leaving the caller hanging indefinitely. Consider adding a rejection when the maximum count is reached:

if (counter >= maxCount) {
  resolve(undefined); // or reject with an error
  return;
}

This ensures the promise always completes, allowing the caller to handle the timeout case appropriately.

Suggested change

	#pollForTentativeDevice = async (): Promise<DeviceData | undefined> => {
	const actor = await get(authenticatedStore).actor;
	// eslint-disable-next-line no-async-promise-executor
	return new Promise<DeviceData | undefined>(async (resolve) => {
	// TODO: Add countdown or timeout
	let counter = 0;
	const maxCount = 1000;
	while (counter < maxCount) {
	const anchorInfo = await actor.get_anchor_info(this.#identityNumber);
	const tentativeDevice =
	anchorInfo.device_registration[0]?.tentative_device[0];
	if (nonNullish(tentativeDevice)) {
	resolve(tentativeDevice);
	return;
	}
	// Debounce a little; in practice won't be noticed by users but
	// will avoid hot looping in case the op becomes near instantaneous.
	await waitFor(100);
	counter++;
	}
	});
	#pollForTentativeDevice = async (): Promise<DeviceData | undefined> => {
	const actor = await get(authenticatedStore).actor;
	// eslint-disable-next-line no-async-promise-executor
	return new Promise<DeviceData | undefined>(async (resolve) => {
	// TODO: Add countdown or timeout
	let counter = 0;
	const maxCount = 1000;
	while (counter < maxCount) {
	const anchorInfo = await actor.get_anchor_info(this.#identityNumber);
	const tentativeDevice =
	anchorInfo.device_registration[0]?.tentative_device[0];
	if (nonNullish(tentativeDevice)) {
	resolve(tentativeDevice);
	return;
	}
	// Debounce a little; in practice won't be noticed by users but
	// will avoid hot looping in case the op becomes near instantaneous.
	await waitFor(100);
	counter++;
	}
	// Resolve with undefined if max count is reached
	resolve(undefined);
	});

Spotted by Diamond

Is this helpful? React 👍 or 👎 to let us know.

[LXIF]

Fixed ✅

[lmuntaner]

Closing, this has been merged in different PRs