a8b7eace48
Enable users to sign up and sign in using passkeys (biometrics/security keys) without needing a manually-created Authentik account. The existing SSO login remains as an alternative. Backend: - Add WebAuthn registration/authentication endpoints via py-webauthn - Issue HS256 JWTs for passkey users, with Redis-backed challenge storage - Dual JWT verification in auth middleware (issuer-based routing: passkey HS256 vs Authentik RS256) - PasskeyCredential model + migration making user.password nullable - UserRepository with full CRUD for users and credentials Frontend: - AuthUser type abstraction unifying OIDC and passkey users - Passkey service using @simplewebauthn/browser for WebAuthn ceremonies - LoginModal redesigned with Sign In / Sign Up tabs - Type migration from oidc-client-ts User to AuthUser across all services and components
11 lines
353 B
Python
11 lines
353 B
Python
from datetime import datetime
|
|
|
|
from pydantic import EmailStr
|
|
from sqlmodel import SQLModel, Field
|
|
|
|
|
|
class User(SQLModel, table=True):
|
|
id: int = Field(primary_key=True)
|
|
email: EmailStr = Field(index=True, unique=True)
|
|
password: str | None = Field(default=None, nullable=True)
|
|
created_at: datetime = Field(default_factory=datetime.utcnow)
|