asgardeo
diff --git a/‎api/WIP/authentication.yaml‎
Lines changed: 26 additions & 26 deletions b/‎api/WIP/authentication.yaml‎
Lines changed: 26 additions & 26 deletions
diff --git a/‎api/WIP/registration.yaml‎
Lines changed: 27 additions & 27 deletions b/‎api/WIP/registration.yaml‎
Lines changed: 27 additions & 27 deletions
diff --git a/‎backend/cmd/server/repository/conf/deployment.yaml‎
Lines changed: 6 additions & 0 deletions b/‎backend/cmd/server/repository/conf/deployment.yaml‎
Lines changed: 6 additions & 0 deletions
diff --git a/‎backend/dbscripts/runtimedb/postgres.sql‎
Lines changed: 18 additions & 0 deletions b/‎backend/dbscripts/runtimedb/postgres.sql‎
Lines changed: 18 additions & 0 deletions
diff --git a/‎backend/dbscripts/runtimedb/sqlite.sql‎
Lines changed: 18 additions & 0 deletions b/‎backend/dbscripts/runtimedb/sqlite.sql‎
Lines changed: 18 additions & 0 deletions
@@ -17,26 +17,26 @@ servers:
         default: "8090"
 
 paths:
-  /auth/webauthn/start:
+  /auth/passkey/start:
     post:
-      summary: Start WebAuthn authentication
-      description: Initiate WebAuthn/Passkey authentication for a user.
+      summary: Start Passkey authentication
+      description: Initiate Passkey authentication for a user.
       tags:
-        - WebAuthn / Passkey
+        - Passkey / WebAuthn / FIDO2
       requestBody:
-        description: WebAuthn authentication initiation data
+        description: Passkey authentication initiation data
         required: true
         content:
           application/json:
             schema:
-              $ref: '#/components/schemas/WebAuthnStartRequest'
+              $ref: '#/components/schemas/PasskeyStartRequest'
       responses:
         "200":
           description: OK
           content:
             application/json:
               schema:
-                $ref: '#/components/schemas/WebAuthnStartResponse'
+                $ref: '#/components/schemas/PasskeyStartResponse'
         "400":
           description: 'Bad Request: The request body is malformed or contains invalid data'
           content:
@@ -46,7 +46,7 @@ paths:
               example:
                 code: "AUTHN-1011"
                 message: "Empty username"
-                description: "The username is required to start WebAuthn authentication"
+                description: "The username is required to start Passkey authentication"
         "404":
           description: 'Not Found: The user could not be found'
           content:
@@ -64,19 +64,19 @@ paths:
               schema:
                 $ref: '#/components/schemas/ServerErrorResponse'
 
-  /auth/webauthn/finish:
+  /auth/passkey/finish:
     post:
-      summary: Finish WebAuthn authentication
-      description: Complete WebAuthn/Passkey authentication for a user.
+      summary: Finish Passkey authentication
+      description: Complete Passkey authentication for a user.
       tags:
-        - WebAuthn / Passkey
+        - Passkey / WebAuthn / FIDO2
       requestBody:
-        description: WebAuthn authentication completion data
+        description: Passkey authentication completion data
         required: true
         content:
           application/json:
             schema:
-              $ref: '#/components/schemas/WebAuthnFinishRequest'
+              $ref: '#/components/schemas/PasskeyFinishRequest'
       responses:
         "200":
           description: OK
@@ -95,12 +95,12 @@ paths:
                   value:
                     code: "AUTHN-1012"
                     message: "Empty credential ID"
-                    description: "The credential ID is required to complete WebAuthn authentication"
+                    description: "The credential ID is required to complete Passkey authentication"
                 emptyCredentialType:
                   value:
                     code: "AUTHN-1013"
                     message: "Empty credential type"
-                    description: "The credential type is required to complete WebAuthn authentication"
+                    description: "The credential type is required to complete Passkey authentication"
                 invalidAuthenticatorResponse:
                   value:
                     code: "AUTHN-1014"
@@ -112,15 +112,15 @@ paths:
                     message: "Empty session token"
                     description: "The provided session token is empty"
         "401":
-          description: 'Unauthorized: WebAuthn authentication failed'
+          description: 'Unauthorized: Passkey authentication failed'
           content:
             application/json:
               schema:
                 $ref: '#/components/schemas/ClientErrorResponse'
               example:
-                code: "WEBAUTHN-1008"
+                code: "PASS-1008"
                 message: "Invalid signature"
-                description: "The WebAuthn signature verification failed"
+                description: "The Passkey signature verification failed"
         "404":
           description: 'Not Found: The user or credential could not be found'
           content:
@@ -159,7 +159,7 @@ components:
           description: "JWT assertion token for the authenticated user"
           example: "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9..."
 
-    WebAuthnStartRequest:
+    PasskeyStartRequest:
       type: object
       properties:
         user_id:
@@ -174,12 +174,12 @@ components:
         - user_id
         - relying_party_id
 
-    WebAuthnStartResponse:
+    PasskeyStartResponse:
       type: object
       properties:
         publicKeyCredentialRequestOptions:
           type: object
-          description: PublicKeyCredentialRequestOptions as per WebAuthn standard
+          description: PublicKeyCredentialRequestOptions as per Passkey standard
           properties:
             challenge:
               type: string
@@ -235,19 +235,19 @@ components:
             userVerification: "preferred"
         session_token:
           type: string
-          description: JWT token for the WebAuthn authentication session
+          description: JWT token for the Passkey authentication session
           example: "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9..."
       required:
         - publicKeyCredentialRequestOptions
         - session_token
 
 
-    WebAuthnFinishRequest:
+    PasskeyFinishRequest:
       type: object
       properties:
         publicKeyCredential:
           type: object
-          description: PublicKeyCredential as per WebAuthn standard
+          description: PublicKeyCredential as per Passkey standard
           properties:
             id:
               type: string
@@ -307,7 +307,7 @@ components:
             authenticatorAttachment: "platform"
         session_token:
           type: string
-          description: JWT token for the WebAuthn authentication session
+          description: JWT token for the Passkey authentication session
           example: "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9..."
         skip_assertion:
           type: boolean
 
@@ -2,7 +2,7 @@ openapi: 3.0.3
 
 info:
   title: Registration API
-  description: This API is used for user registration operations including WebAuthn/Passkey registration.
+  description: This API is used for user registration operations including Passkey registration.
   version: "1.0"
   license:
     name: Apache 2.0
@@ -17,26 +17,26 @@ servers:
         default: "8090"
 
 paths:
-  /register/webauthn/start:
+  /register/passkey/start:
     post:
-      summary: Start WebAuthn credential registration
-      description: Initiate WebAuthn/Passkey credential creation for a user.
+      summary: Start Passkey credential registration
+      description: Initiate Passkey credential creation for a user.
       tags:
-        - WebAuthn / Passkey Registration
+        - Passkey / WebAuthn / FIDO2 Registration
       requestBody:
-        description: WebAuthn credential creation initiation data
+        description: Passkey credential creation initiation data
         required: true
         content:
           application/json:
             schema:
-              $ref: '#/components/schemas/WebAuthnRegistrationStartRequest'
+              $ref: '#/components/schemas/PasskeyRegistrationStartRequest'
       responses:
         "200":
           description: OK
           content:
             application/json:
               schema:
-                $ref: '#/components/schemas/WebAuthnRegistrationStartResponse'
+                $ref: '#/components/schemas/PasskeyRegistrationStartResponse'
         "400":
           description: 'Bad Request: The request body is malformed or contains invalid data'
           content:
@@ -46,7 +46,7 @@ paths:
               example:
                 code: "AUTHN-1011"
                 message: "Empty user ID"
-                description: "The user ID is required to start WebAuthn registration"
+                description: "The user ID is required to start registration"
         "404":
           description: 'Not Found: The user could not be found'
           content:
@@ -68,26 +68,26 @@ paths:
                 message: "Internal server error"
                 description: "An unexpected error occurred while processing the request"
 
-  /register/webauthn/finish:
+  /register/passkey/finish:
     post:
-      summary: Finish WebAuthn credential registration
-      description: Complete WebAuthn/Passkey credential creation for a user.
+      summary: Finish Passkey credential registration
+      description: Complete Passkey credential creation for a user.
       tags:
-        - WebAuthn / Passkey Registration
+        - Passkey / WebAuthn / FIDO2 Registration
       requestBody:
-        description: WebAuthn credential creation completion data
+        description: Passkey credential creation completion data
         required: true
         content:
           application/json:
             schema:
-              $ref: '#/components/schemas/WebAuthnRegistrationFinishRequest'
+              $ref: '#/components/schemas/PasskeyRegistrationFinishRequest'
       responses:
         "200":
           description: OK
           content:
             application/json:
               schema:
-                $ref: '#/components/schemas/WebAuthnRegistrationFinishResponse'
+                $ref: '#/components/schemas/PasskeyRegistrationFinishResponse'
         "400":
           description: 'Bad Request: The request body is malformed or contains invalid data'
           content:
@@ -99,12 +99,12 @@ paths:
                   value:
                     code: "AUTHN-1012"
                     message: "Empty credential ID"
-                    description: "The credential ID is required to complete WebAuthn registration"
+                    description: "The credential ID is required to complete registration"
                 emptyCredentialType:
                   value:
                     code: "AUTHN-1013"
                     message: "Empty credential type"
-                    description: "The credential type is required to complete WebAuthn registration"
+                    description: "The credential type is required to complete registration"
                 invalidAttestationResponse:
                   value:
                     code: "AUTHN-1015"
@@ -116,15 +116,15 @@ paths:
                     message: "Empty session token"
                     description: "The provided session token is empty"
         "401":
-          description: 'Unauthorized: WebAuthn registration verification failed'
+          description: 'Unauthorized: Passkey registration verification failed'
           content:
             application/json:
               schema:
                 $ref: '#/components/schemas/ClientErrorResponse'
               example:
-                code: "WEBAUTHN-1009"
+                code: "PASS-1009"
                 message: "Invalid attestation"
-                description: "The WebAuthn attestation verification failed"
+                description: "The Passkey attestation verification failed"
         "404":
           description: 'Not Found: The user could not be found'
           content:
@@ -148,7 +148,7 @@ paths:
 
 components:
   schemas:
-    WebAuthnRegistrationStartRequest:
+    PasskeyRegistrationStartRequest:
       type: object
       properties:
         userId:
@@ -195,7 +195,7 @@ components:
         - userId
         - relyingPartyId
 
-    WebAuthnRegistrationStartResponse:
+    PasskeyRegistrationStartResponse:
       type: object
       properties:
         publicKeyCredentialCreationOptions:
@@ -342,12 +342,12 @@ components:
         - publicKeyCredentialCreationOptions
         - sessionToken
 
-    WebAuthnRegistrationFinishRequest:
+    PasskeyRegistrationFinishRequest:
       type: object
       properties:
         publicKeyCredential:
           type: object
-          description: PublicKeyCredential as per WebAuthn standard
+          description: PublicKeyCredential as per Passkey standard
           properties:
             id:
               type: string
@@ -404,7 +404,7 @@ components:
             authenticatorAttachment: "platform"
         sessionToken:
           type: string
-          description: JWT token for the WebAuthn registration session
+          description: JWT token for the Passkey registration session
           example: "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9..."
         credentialName:
           type: string
@@ -414,7 +414,7 @@ components:
         - publicKeyCredential
         - sessionToken
 
-    WebAuthnRegistrationFinishResponse:
+    PasskeyRegistrationFinishResponse:
       type: object
       properties:
         credentialId:
 
@@ -39,3 +39,9 @@ crypto:
 cors:
   allowed_origins:
     - "https://localhost:3000"
+
+passkey:
+  allowed_origins:
+    - "https://localhost:8090"
+    - "https://localhost:5190"
+    - "https://localhost:5191"
@@ -68,3 +68,21 @@ CREATE TABLE FLOW_USER_DATA (
 
 -- Index for deployment isolation on FLOW_USER_DATA
 CREATE INDEX idx_flow_user_data_deployment_id ON FLOW_USER_DATA (DEPLOYMENT_ID);
+
+-- Table to store WebAuthn session data
+CREATE TABLE WEBAUTHN_SESSION (
+    SESSION_KEY VARCHAR(255) NOT NULL,
+    DEPLOYMENT_ID VARCHAR(255) NOT NULL,
+    USER_ID VARCHAR(36) NOT NULL,
+    RELYING_PARTY_ID VARCHAR(255) NOT NULL,
+    SESSION_DATA JSONB NOT NULL,
+    CREATED_AT TIMESTAMP NOT NULL DEFAULT CURRENT_TIMESTAMP,
+    EXPIRY_TIME TIMESTAMP NOT NULL,
+    PRIMARY KEY (SESSION_KEY, DEPLOYMENT_ID)
+);
+
+-- Index for deployment isolation on WEBAUTHN_SESSION
+CREATE INDEX idx_webauthn_session_deployment_id ON WEBAUTHN_SESSION (DEPLOYMENT_ID);
+
+-- Index for expiry time on WEBAUTHN_SESSION
+CREATE INDEX idx_webauthn_session_expiry_time ON WEBAUTHN_SESSION (EXPIRY_TIME);
@@ -68,3 +68,21 @@ CREATE TABLE FLOW_USER_DATA (
 
 -- Index for deployment isolation on FLOW_USER_DATA
 CREATE INDEX idx_flow_user_data_deployment_id ON FLOW_USER_DATA (DEPLOYMENT_ID);
+
+-- Table to store WebAuthn session data
+CREATE TABLE WEBAUTHN_SESSION (
+    SESSION_KEY VARCHAR(255) NOT NULL,
+    DEPLOYMENT_ID VARCHAR(255) NOT NULL,
+    USER_ID VARCHAR(36) NOT NULL,
+    RELYING_PARTY_ID VARCHAR(255) NOT NULL,
+    SESSION_DATA TEXT NOT NULL,
+    CREATED_AT TIMESTAMP NOT NULL DEFAULT CURRENT_TIMESTAMP,
+    EXPIRY_TIME DATETIME NOT NULL,
+    PRIMARY KEY (SESSION_KEY, DEPLOYMENT_ID)
+);
+
+-- Index for deployment isolation on WEBAUTHN_SESSION
+CREATE INDEX idx_webauthn_session_deployment_id ON WEBAUTHN_SESSION (DEPLOYMENT_ID);
+
+-- Index for expiry time on WEBAUTHN_SESSION
+CREATE INDEX idx_webauthn_session_expiry_time ON WEBAUTHN_SESSION (EXPIRY_TIME);