Frontend passkey management

Author: tonkku107

frontend/locales/en.json

@@ -55,6 +55,24 @@
         "title": "Edit profile",
         "username_label": "Username"
       },
+      "passkeys": {
+        "add": "Add passkey",
+        "challenge_invalid_error": "The request expired, please try again.",
+        "created_at_message": "Created {{date}}",
+        "delete_button_confirmation_modal": {
+          "action": "Delete passkey",
+          "body": "Delete this passkey?"
+        },
+        "delete_button_title": "Remove passkey",
+        "exists_error": "This passkey already exists.",
+        "last_used_message": "Last used {{date}}",
+        "name_field_help": "Give your passkey a name you can identify later",
+        "name_field_label": "Name",
+        "name_invalid_error": "The entered name is invalid",
+        "never_used_message": "Never used",
+        "response_invalid_error": "The response from your passkey was invalid: {{error}}",
+        "title": "Passkeys"
+      },
       "password": {
         "change": "Change password",
         "change_disabled": "Password changes are disabled by the administrator.",
@@ -64,10 +82,7 @@
         "button": "Sign out of account",
         "dialog": "Sign out of this account?"
       },
-      "title": "Your account",
-      "passkeys": {
-        "title": "Passkeys"
-      }
+      "title": "Your account"
     },
     "add_email_form": {
       "email_denied_error": "The entered email is not allowed by the server policy",

frontend/package-lock.json

@@ -36,7 +36,8 @@
     "react-i18next": "^15.4.1",
     "swagger-ui-dist": "^5.20.1",
     "valibot": "^1.0.0-rc.4",
-    "vaul": "^1.1.2"
+    "vaul": "^1.1.2",
+    "webauthn-polyfills": "^0.1.5"
   },
   "devDependencies": {
     "@biomejs/biome": "^1.9.4",
@@ -87,6 +88,8 @@
     "vitest": "^3.0.5"
   },
   "msw": {
-    "workerDirectory": [".storybook/public"]
+    "workerDirectory": [
+      ".storybook/public"
+    ]
   }
 }

frontend/package.json

@@ -0,0 +1,31 @@
+/* Copyright 2025 New Vector Ltd.
+*
+* SPDX-License-Identifier: AGPL-3.0-only
+* Please see LICENSE in the repository root for full details.
+*/
+
+.user-passkey-delete-icon {
+  color: var(--cpd-color-icon-critical-primary);
+}
+
+button[disabled] .user-passkey-delete-icon {
+  color: var(--cpd-color-icon-disabled);
+}
+
+.passkey-modal-box {
+  display: flex;
+  align-items: center;
+  gap: var(--cpd-space-4x);
+  border: 1px solid var(--cpd-color-gray-400);
+  padding: var(--cpd-space-3x);
+  font: var(--cpd-font-body-md-semibold);
+
+  & > svg {
+    color: var(--cpd-color-icon-secondary);
+    background-color: var(--cpd-color-bg-subtle-secondary);
+    padding: var(--cpd-space-2x);
+    border-radius: var(--cpd-space-2x);
+    inline-size: var(--cpd-space-10x);
+    block-size: var(--cpd-space-10x);
+  }
+}

frontend/src/components/UserPasskey/UserPasskey.module.css

@@ -0,0 +1,225 @@
+// Copyright 2025 New Vector Ltd.
+//
+// SPDX-License-Identifier: AGPL-3.0-only
+// Please see LICENSE in the repository root for full details.
+
+import { useMutation, useQueryClient } from "@tanstack/react-query";
+import type { ReactNode } from "@tanstack/react-router";
+import IconDelete from "@vector-im/compound-design-tokens/assets/web/icons/delete";
+import {
+  Button,
+  EditInPlace,
+  ErrorMessage,
+  Form,
+  IconButton,
+  Tooltip,
+} from "@vector-im/compound-web";
+import { parseISO } from "date-fns";
+import { type ComponentProps, useState } from "react";
+import { Translation, useTranslation } from "react-i18next";
+import { type FragmentType, graphql, useFragment } from "../../gql";
+import { graphqlRequest } from "../../graphql";
+import { formatReadableDate } from "../DateTime";
+import { Close, Description, Dialog, Title } from "../Dialog";
+import styles from "./UserPasskey.module.css";
+
+const FRAGMENT = graphql(/* GraphQL */ `
+  fragment UserPasskey_passkey on UserPasskey {
+    id
+    name
+    lastUsedAt
+    createdAt
+  }
+`);
+
+const REMOVE_PASSKEY_MUTATION = graphql(/* GraphQL */ `
+  mutation RemovePasskey($id: ID!) {
+    removePasskey(input: { id: $id }) {
+      status
+    }
+  }
+`);
+
+const RENAME_PASSKEY_MUTATION = graphql(/* GraphQL */ `
+  mutation RenamePasskey($id: ID!, $name: String!) {
+    renamePasskey(input: { id: $id, name: $name }) {
+      status
+    }
+  }
+`);
+
+const DeleteButton: React.FC<{ disabled?: boolean; onClick?: () => void }> = ({
+  disabled,
+  onClick,
+}) => (
+  <Translation>
+    {(t): ReactNode => (
+      <Tooltip label={t("frontend.account.passkeys.delete_button_title")}>
+        <IconButton
+          type="button"
+          disabled={disabled}
+          className="m-2"
+          onClick={onClick}
+          size="var(--cpd-space-8x)"
+        >
+          <IconDelete className={styles.userPasskeyDeleteIcon} />
+        </IconButton>
+      </Tooltip>
+    )}
+  </Translation>
+);
+
+const DeleteButtonWithConfirmation: React.FC<
+  ComponentProps<typeof DeleteButton> & { name: string }
+> = ({ name, onClick, ...rest }) => {
+  const { t } = useTranslation();
+  const onConfirm = (): void => {
+    onClick?.();
+  };
+
+  // NOOP function, otherwise we dont render a cancel button
+  const onDeny = (): void => {};
+
+  return (
+    <Dialog trigger={<DeleteButton {...rest} />}>
+      <Title>
+        {t("frontend.account.passkeys.delete_button_confirmation_modal.body")}
+      </Title>
+      <Description className={styles.passkeyModalBox}>
+        <div>{name}</div>
+      </Description>
+      <div className="flex flex-col gap-4">
+        <Close asChild>
+          <Button
+            kind="primary"
+            destructive
+            onClick={onConfirm}
+            Icon={IconDelete}
+          >
+            {t(
+              "frontend.account.passkeys.delete_button_confirmation_modal.action",
+            )}
+          </Button>
+        </Close>
+        <Close asChild>
+          <Button kind="tertiary" onClick={onDeny}>
+            {t("action.cancel")}
+          </Button>
+        </Close>
+      </div>
+    </Dialog>
+  );
+};
+
+const UserPasskey: React.FC<{
+  passkey: FragmentType<typeof FRAGMENT>;
+  onRemove: () => void;
+}> = ({ passkey, onRemove }) => {
+  const { t } = useTranslation();
+  const data = useFragment(FRAGMENT, passkey);
+  const [value, setValue] = useState(data.name);
+  const queryClient = useQueryClient();
+
+  const removePasskey = useMutation({
+    mutationFn: (id: string) =>
+      graphqlRequest({ query: REMOVE_PASSKEY_MUTATION, variables: { id } }),
+    onSuccess: (_data) => {
+      onRemove?.();
+      queryClient.invalidateQueries({ queryKey: ["userPasskeys"] });
+    },
+  });
+  const renamePasskey = useMutation({
+    mutationFn: ({ id, name }: { id: string; name: string }) =>
+      graphqlRequest({
+        query: RENAME_PASSKEY_MUTATION,
+        variables: { id, name },
+      }),
+    onSuccess: (data) => {
+      if (data.renamePasskey.status !== "RENAMED") {
+        return;
+      }
+      queryClient.invalidateQueries({ queryKey: ["userPasskeys"] });
+    },
+  });
+
+  const formattedLastUsed = data.lastUsedAt
+    ? formatReadableDate(parseISO(data.lastUsedAt), new Date())
+    : "";
+  const formattedCreated = formatReadableDate(
+    parseISO(data.createdAt),
+    new Date(),
+  );
+  const status = renamePasskey.data?.renamePasskey.status ?? null;
+
+  const onRemoveClick = (): void => {
+    removePasskey.mutate(data.id);
+  };
+
+  const onInput = (e: React.ChangeEvent<HTMLInputElement>) => {
+    setValue(e.target.value);
+  };
+  const onCancel = () => {
+    console.log("wee");
+    setValue(data.name);
+  };
+  const handleSubmit = async (
+    e: React.FormEvent<HTMLFormElement>,
+  ): Promise<void> => {
+    e.preventDefault();
+
+    const formData = new FormData(e.currentTarget);
+    const name = formData.get("input") as string;
+
+    await renamePasskey.mutateAsync({ id: data.id, name });
+  };
+
+  return (
+    <div className="flex flex-col gap-2">
+      <div className="flex items-center gap-2">
+        <EditInPlace
+          onSave={handleSubmit}
+          type="text"
+          value={value}
+          onInput={onInput}
+          onCancel={onCancel}
+          serverInvalid={!!status && status !== "RENAMED"}
+          className="flex-1"
+          label=""
+          saveButtonLabel={t("action.save")}
+          savingLabel={t("common.saving")}
+          savedLabel={t("common.saved")}
+          cancelButtonLabel={t("action.cancel")}
+        >
+          <ErrorMessage match="typeMismatch" forceMatch={status === "INVALID"}>
+            {t("frontend.account.passkeys.name_invalid_error")}
+          </ErrorMessage>
+        </EditInPlace>
+
+        <DeleteButtonWithConfirmation
+          name={data.name}
+          disabled={removePasskey.isPending}
+          onClick={onRemoveClick}
+        />
+      </div>
+
+      <Form.Root>
+        <Form.Field name="">
+          <Form.HelpMessage>
+            {data.lastUsedAt
+              ? t("frontend.account.passkeys.last_used_message", {
+                  date: formattedLastUsed,
+                })
+              : t("frontend.account.passkeys.never_used_message")}
+          </Form.HelpMessage>
+          <Form.HelpMessage>
+            {t("frontend.account.passkeys.created_at_message", {
+              date: formattedCreated,
+            })}
+          </Form.HelpMessage>
+        </Form.Field>
+      </Form.Root>
+    </div>
+  );
+};
+
+export default UserPasskey;

frontend/src/components/UserPasskey/UserPasskey.tsx

@@ -0,0 +1,6 @@
+// Copyright 2025 New Vector Ltd.
+//
+// SPDX-License-Identifier: AGPL-3.0-only
+// Please see LICENSE in the repository root for full details.
+
+export { default } from "./UserPasskey";