stages/authenticator_validate: add ability to limit webauthn device types (#9180)

* stages/authenticator_validate: add ability to limit webauthn device types Signed-off-by: Jens Langhammer <jens@goauthentik.io> * reword Signed-off-by: Jens Langhammer <jens@goauthentik.io> * require enterprise attestation when a device restriction is configured as we need the aaguid Signed-off-by: Jens Langhammer <jens@goauthentik.io> * add tests Signed-off-by: Jens Langhammer <jens@goauthentik.io> * improve error message Signed-off-by: Jens Langhammer <jens@goauthentik.io> * add more tests Signed-off-by: Jens Langhammer <jens@goauthentik.io> --------- Signed-off-by: Jens Langhammer <jens@goauthentik.io>
2024-04-11 13:10:05 +02:00
parent 35448f6017
commit fd44bc2bec
14 changed files with 398 additions and 83 deletions
--- a/blueprints/schema.json
+++ b/blueprints/schema.json
@ -5637,6 +5637,14 @@
                    ],
                    "title": "Webauthn user verification",
                    "description": "Enforce user verification for WebAuthn devices."
+                },
+                "webauthn_allowed_device_types": {
+                    "type": "array",
+                    "items": {
+                        "type": "string",
+                        "format": "uuid"
+                    },
+                    "title": "Webauthn allowed device types"
                }
            },
            "required": []