habsi/authentik
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

website/docs: fix passwordless docs, cross-link both

Browse Source 
closes #3803

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
This commit is contained in:
Jens Langhammer
2022-10-18 21:38:01 +02:00
parent e9eede5a80
commit bb43c49b1e
3 changed files with 8 additions and 5 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
website/docs/flow/stages/authenticator_validate/index.md
View File

@ -35,7 +35,7 @@ You can configure this stage to only ask for MFA validation if the user hasn't a
Requires authentik 2021.12.4
:::
Passwordless authentication currently only supports WebAuthn devices, like security keys and biometrics.
Passwordless authentication currently only supports WebAuthn devices, like security keys and biometrics. For an alternate passwordless setup, see [Password stage](../password/index.md#passwordless-login), which supports other types.
To configure passwordless authentication, create a new Flow with the delegation set to _Authentication_.

6
website/docs/flow/stages/password/index.md
View File

@ -6,7 +6,7 @@ This is a generic password prompt which authenticates the current `pending_user`
## Passwordless login
To achieve a "passwordless" experience; authenticating users based only on TOTP/WebAuthn/Duo, create an expression policy and optionally skip the password stage.
There are two different ways to configure passwordless authentication; you can follow the instructions [here](../authenticator_validate/index.md#passwordless-authentication) to allow users to directly authenticate with their authenticator (only supported for WebAuthn devices), or dynamically skip the password stage depending on the users device, which is documented here.
Depending on what kind of device you want to require the user to have:
@ -14,14 +14,14 @@ Depending on what kind of device you want to require the user to have:
```python
from authentik.stages.authenticator_webauthn.models import WebAuthnDevice
return WebAuthnDevice.objects.filter(user=request.user, confirmed=True).exists()
return WebAuthnDevice.objects.filter(user=request.context['pending_user'], confirmed=True).exists()
```
#### Duo
```python
from authentik.stages.authenticator_duo.models import DuoDevice
return DuoDevice.objects.filter(user=request.user, confirmed=True).exists()
return DuoDevice.objects.filter(user=request.context['pending_user'], confirmed=True).exists()
```
Afterwards, bind the policy you've created to the stage binding of the password stage.