feat(auth): Add WebAuthn/passkey support across all platforms#6812
Closed
ahmedhamouda78 wants to merge 17 commits intoaws-amplify:mainfrom
Closed
feat(auth): Add WebAuthn/passkey support across all platforms#6812ahmedhamouda78 wants to merge 17 commits intoaws-amplify:mainfrom
ahmedhamouda78 wants to merge 17 commits intoaws-amplify:mainfrom
Conversation
- Add WebAuthn credential types and passkey exception handling to amplify_core - Implement WebAuthn bridge for Android with Pigeon code generation - Implement WebAuthn bridge for iOS/macOS with Swift bindings - Add Linux WebAuthn platform support with libfido2 bindings - Add Windows WebAuthn platform support with native bindings - Implement Dart-only WebAuthn credential platform with HTML and stub variants - Add CognitoWebAuthnClient for WebAuthn credential operations - Add passkey sign-in flow to sign-in state machine - Add base64url encoding utility for credential serialization - Extend authenticator with passwordless settings and passkey UI flows - Add comprehensive test coverage for WebAuthn operations across all platforms - Update localizations to support passkey-related UI strings - Add WebAuthn Gen 2 backend scaffolding - Add PasswordlessOutputs config and example app passkey screen
ahmedhamouda78
force-pushed
the
feat/add-passkey-support
branch
from
1fc99a1 to
100b571
Compare
cadivus
reviewed
Mar 18, 2026
Member
cadivus
left a comment
cadivus
left a comment
There was a problem hiding this comment.
Hi Ahmed,
thanks a lot for this!
Comment on lines
+1
to
+5
| { | ||
| "name": "webauthn", | ||
| "version": "1.0.0", | ||
| "main": "index.js" | ||
| } |
Member
There was a problem hiding this comment.
Could you please register it here:
https://github.com/aws-amplify/amplify-flutter/blob/main/infra-gen2/tool/deploy_gen2.dart
|
|
||
| import { defineAuth } from "@aws-amplify/backend"; | ||
|
|
||
| export const auth = defineAuth({ |
Member
There was a problem hiding this comment.
Do we need account verification here? If so, habe a look at this:
Comment on lines
+49
to
+68
| dependency_overrides: | ||
| amplify_auth_cognito: | ||
| path: ../ | ||
| amplify_auth_cognito_dart: | ||
| path: ../../amplify_auth_cognito_dart | ||
| amplify_auth_cognito_test: | ||
| path: ../../amplify_auth_cognito_test | ||
| amplify_auth_integration_test: | ||
| path: ../../../test/amplify_auth_integration_test | ||
| amplify_authenticator: | ||
| path: ../../../authenticator/amplify_authenticator | ||
| amplify_core: | ||
| path: ../../../amplify_core | ||
| amplify_flutter: | ||
| path: ../../../../packages/amplify/amplify_flutter | ||
| amplify_integration_test: | ||
| path: ../../../test/amplify_integration_test | ||
| amplify_native_legacy_wrapper: | ||
| path: ../../../amplify_native_legacy_wrapper | ||
|
|
Member
There was a problem hiding this comment.
This shouldn't be here. These overrides get generated locally (and ignored) by running
dart pub global activate -spath packages/aft && aft bootstrap
cadivus
requested changes
Mar 18, 2026
added 2 commits
March 18, 2026 14:04
…onfig - Create pre-sign-up Lambda handler for WebAuthn authentication flow - Define pre-sign-up trigger function in auth resource configuration - Integrate pre-sign-up trigger into Cognito auth resource - Add WebAuthn backend to deployment configuration in deploy_gen2.dart - Remove dependency overrides from amplify_auth_cognito example pubspec.yaml
- Remove unnecessary variable assignment in isPasskeySupported check - Add dead_code ignore annotation for null check in credentials validation - Add invalid_runtime_check_with_js_interop_types ignore for JSObject cast - Convert mutable list literals to const in credential tests - Add explicit Map type casts for response field access in assertions - Convert string literals to const where appropriate in test data - Add close_sinks ignore annotation to test file header - Remove unused imports (mock_clients, aws_common) from associate test - Remove unused hubEvents variable declaration - Improve type safety in JSON response assertions across passkey tests
Closed
- Reformat long lines in passwordless_outputs.dart for readability - Reorganize auth_types.dart exports to group credentials after auto sign-in - Simplify test assertions in auth_factor_type_webauthn_test.dart - Format multi-line widget constructors in passkey_management.dart example - Apply consistent formatting across WebAuthn platform implementations - Improve code readability in WebAuthn credential models and tests - Standardize formatting in authenticator widgets and services
- Import json_annotation package for JSON serialization control - Add @jsonkey annotation to exclude passwordless outputs from JSON serialization - Add WebAuthn factor type mapping to AuthFactorType enum - Enable WebAuthn as a supported authentication factor in sign-in flow
…orm code - Reorganize imports to follow Dart conventions (package imports before relative imports) - Add ignore_for_file directives to suppress linting warnings for generated code and platform-specific files - Update documentation comments to use backticks for code references instead of square brackets - Fix type annotations in tests for better type safety (Map to Map<String, dynamic>) - Improve code consistency across Linux and Windows WebAuthn platform implementations
Codecov Report❌ Patch coverage is Additional details and impacted files@@ Coverage Diff @@
## main #6812 +/- ##
==========================================
+ Coverage 43.23% 45.45% +2.21%
==========================================
Files 99 106 +7
Lines 7769 8741 +972
Branches 3400 3716 +316
==========================================
+ Hits 3359 3973 +614
- Misses 4410 4768 +358 🚀 New features to boost your workflow:
|
… collector macOS uses FFI (ASFDeviceInfoMacOS) for device info collection, not the Pigeon method channel bridge. The Flutter wrapper was incorrectly overriding the FFI implementation for macOS, causing a fatalError() in AmplifyAuthCognitoPlugin.swift:112.
…yment target - Move PigeonError, wrapResult, wrapError, isNullish, and nilOrValue from WebAuthnBridge.g.swift to messages.g.swift to eliminate duplication - Change helper function visibility from private to internal in messages.g.swift for cross-file access - Update macOS deployment target from 10.15 to 13.5 across all build configurations - Add development team identifier and code signing identity to Runner project - Set product bundle identifier for example app - Update Xcode project settings (LastUpgradeCheck, KnownAssetTags) - Add inputPaths and outputPaths to Embed Pods Frameworks build phase - Consolidates pigeon code generation utilities into a single source of truth
ahmedhamouda78
force-pushed
the
feat/add-passkey-support
branch
from
f025e53 to
386385a
Compare
Member
|
Replaced by #6851 to make workflow handling easier |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
3 participants
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Issue #, if available:
Description of changes:
By submitting this pull request, I confirm that you can use, modify, copy, and redistribute this contribution, under the terms of your choice.