feat(mfa): opt-in MFA setup UI (TOTP fix + recovery download, passkey enrollment, method hub)#58
Merged
Merged
Conversation
- new AuthorizerMFASetup hub lists server-supported methods (TOTP, passkey, email/SMS OTP) via availableMfaMethods prop, mapping to the upcoming public meta fields - new AuthorizerPasskeyRegister enrols passkeys via SDK registerPasskey, guarding unsupported browsers - rework AuthorizerTOTPScanner: aligned QR/secret layout, copy setup key, recovery codes with copy/download/print + save-now warning - Storybook stories cover each method/state; fix preview build (drop broken addon-styling-webpack, automatic JSX runtime, global default.css)
Stray pnpm-lock.yaml (stale since Apr, npm is actual pm per main.yml) made size-limit-action fall back to pnpm, which isn't installed on the runner. Drop the dead lockfile and bump checkout/action versions.
actions/checkout@v1 is six years stale; pin size-limit-action to v1.8.0 instead of the floating v1 tag and add setup-node so the action's npm install has a consistent Node version.
size-limit report 📦
|
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Adds a proper user-facing MFA opt-in experience, modeled on GitHub/Okta security settings. Testable locally in Storybook (
npm run storybook→ MFA/ sidebar) — no server needed.Components
registerPasskey(); optional device name, success/error states, and an info notice whenisWebauthnSupported()is false. Optional list of existing passkeys.onSetupMethod. ExportsAvailableMfaMethods/MfaMethod.copyToClipboard()util, namespaced.mfa-*CSS (no existing rules touched), exports wired.availableMfaMethods prop → server meta (follow-up)
Omitted/false hides a method, so users only see real options. A companion server PR adds those four booleans to the public
metaquery.Verification
tsc --noEmit,npm run build(tsup),npm run build-storybook, prettier — all clean; every state visually verified in Chrome against a live server.Notes (called out for review)
addon-styling-webpack, SWC JSX runtime, and global-CSS scoping) so stories build — unrelated to the feature but required to run them.MessageType.Infocontrast bug (white text on light bg); worked around at call sites viaextraStyles, worth fixing at theMessagesource separately.eslint.config.jshas a pre-existing flat-config bug (root: true) that breaksnpm run lint— left untouched (out of scope).