From 5b52b80717461fd1e72c7fec9ab7b0026f5a0bdf Mon Sep 17 00:00:00 2001 From: Victor Bojica Date: Tue, 22 Jul 2025 17:12:41 +0300 Subject: [PATCH 1/4] feat: add WebAuthn credential management endpoints for removal and listing --- api_spec.yaml | 97 +++++++++++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 97 insertions(+) diff --git a/api_spec.yaml b/api_spec.yaml index 9d17a8b..609ffda 100644 --- a/api_spec.yaml +++ b/api_spec.yaml @@ -2917,6 +2917,103 @@ paths: '500': $ref: '#/components/responses/500' + /{apiBasePath}//webauthn/credential/remove: + post: + tags: + - WebAuthn Recipe + operationId: webauthnRemoveCredential + description: | + Remove a WebAuthn credential for an existing user + parameters: + - $ref: '#/components/parameters/apiBasePath' + - $ref: '#/components/parameters/webauthnRid' + - $ref: '#/components/parameters/anti-csrf' + security: + - AccessTokenBearer: [] + - AccessTokenCookie: [] + requestBody: + content: + application/json: + schema: + type: object + required: + - webauthnCredentialId + properties: + webauthnCredentialId: + type: string + example: "cred_123..." + responses: + '200': + description: Credential removal response + content: + application/json: + schema: + oneOf: + - type: object + properties: + status: + $ref: '#/components/schemas/statusOK' + - $ref: '#/components/schemas/generalErrorResponse' + - type: object + properties: + status: + type: string + enum: ["CREDENTIAL_NOT_FOUND_ERROR"] + '404': + $ref: '#/components/responses/404' + '500': + $ref: '#/components/responses/500' + + /{apiBasePath}//webauthn/credential/list: + get: + tags: + - WebAuthn Recipe + operationId: webauthnListCredentials + description: | + List all WebAuthn credentials for an existing user + parameters: + - $ref: '#/components/parameters/apiBasePath' + - $ref: '#/components/parameters/webauthnRid' + - $ref: '#/components/parameters/anti-csrf' + security: + - AccessTokenBearer: [] + - AccessTokenCookie: [] + responses: + '200': + description: Credential list response + content: + application/json: + schema: + oneOf: + - type: object + properties: + status: + $ref: '#/components/schemas/statusOK' + credentials: + type: array + items: + type: object + properties: + webauthnCredentialId: + type: string + example: "cred_123..." + relyingPartyId: + type: string + example: "https://example.com" + createdAt: + type: number + example: 1638433545183 + - $ref: '#/components/schemas/generalErrorResponse' + - type: object + properties: + status: + type: string + enum: ["CREDENTIAL_NOT_FOUND_ERROR"] + '404': + $ref: '#/components/responses/404' + '500': + $ref: '#/components/responses/500' + /{apiBasePath}//webauthn/email/exists: get: tags: From bfb3baa42b31a0621c39e4fe0644a412c0b066b3 Mon Sep 17 00:00:00 2001 From: Victor Bojica Date: Tue, 29 Jul 2025 16:11:49 +0300 Subject: [PATCH 2/4] chore: update changelog to include new WebAuthn credential management APIs for listing and removal --- CHANGELOG.md | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/CHANGELOG.md b/CHANGELOG.md index 979dd86..b564b30 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -5,6 +5,12 @@ All notable changes to this project will be documented in this file. The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/), and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0.html) +## Unreleased changes + +- Added support for listing and removing WebAuthn credentials for a user. New APIs": + - `POST /{apiBasePath}//webauthn/credential/remove` + - `GET /{apiBasePath}//webauthn/credential/list` + ## [4.1.0] - 2025-05-14 ### Changes From acc42c09efaacc2c2fdf73432b888161f13e948c Mon Sep 17 00:00:00 2001 From: Victor Bojica Date: Tue, 29 Jul 2025 16:20:05 +0300 Subject: [PATCH 3/4] chore: update changelog for version 4.2.0 --- CHANGELOG.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index b564b30..09fb84a 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -5,7 +5,7 @@ All notable changes to this project will be documented in this file. The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/), and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0.html) -## Unreleased changes +## [4.2.0] - 2025-07-29 - Added support for listing and removing WebAuthn credentials for a user. New APIs": - `POST /{apiBasePath}//webauthn/credential/remove` From d6d534957319eebc0b39cbc038c9dfdd4ba0477b Mon Sep 17 00:00:00 2001 From: Victor Bojica Date: Tue, 29 Jul 2025 16:31:29 +0300 Subject: [PATCH 4/4] added missing field in list credentials --- api_spec.yaml | 3 +++ 1 file changed, 3 insertions(+) diff --git a/api_spec.yaml b/api_spec.yaml index d8403a0..dec82fe 100644 --- a/api_spec.yaml +++ b/api_spec.yaml @@ -3040,6 +3040,9 @@ paths: relyingPartyId: type: string example: "https://example.com" + recipeUserId: + type: string + example: "user_123..." createdAt: type: number example: 1638433545183