feat: add webauthn to list of identifiers

This patch adds the key `webauthn` to the list of possible identifiers in the Identity JSON Schema. Use this key to specify what field is used to find the WebAuthn credentials on passwordless login flows.

identity/extension_credentials.go

@@ -25,6 +25,7 @@ func NewSchemaExtensionCredentials(i *Identity) *SchemaExtensionCredentials {
 func (r *SchemaExtensionCredentials) Run(_ jsonschema.ValidationContext, s schema.ExtensionConfig, value interface{}) error {
 	r.l.Lock()
 	defer r.l.Unlock()
+
 	if s.Credentials.Password.Identifier {
 		cred, ok := r.i.GetCredentials(CredentialsTypePassword)
 		if !ok {
@@ -39,6 +40,22 @@ func (r *SchemaExtensionCredentials) Run(_ jsonschema.ValidationContext, s schem
 		cred.Identifiers = r.v
 		r.i.SetCredentials(CredentialsTypePassword, *cred)
 	}
+
+	if s.Credentials.WebAuthn.Identifier {
+		cred, ok := r.i.GetCredentials(CredentialsTypeWebAuthn)
+		if !ok {
+			cred = &Credentials{
+				Type:        CredentialsTypeWebAuthn,
+				Identifiers: []string{},
+				Config:      sqlxx.JSONRawMessage{},
+			}
+		}
+
+		r.v = stringslice.Unique(append(r.v, strings.ToLower(fmt.Sprintf("%s", value))))
+		cred.Identifiers = r.v
+		r.i.SetCredentials(CredentialsTypeWebAuthn, *cred)
+	}
+
 	return nil
 }
 

identity/extension_credentials_test.go

@@ -25,16 +25,19 @@ func TestSchemaExtensionCredentials(t *testing.T) {
 		doc       string
 		expect    []string
 		existing  *identity.Credentials
+		ct        identity.CredentialsType
 	}{
 		{
 			doc:    `{"email":"[email protected]"}`,
 			schema: "file://./stub/extension/credentials/schema.json",
 			expect: []string{"[email protected]"},
+			ct:     identity.CredentialsTypePassword,
 		},
 		{
 			doc:    `{"emails":["[email protected]","[email protected]","[email protected]"], "username": "foobar"}`,
 			schema: "file://./stub/extension/credentials/multi.schema.json",
 			expect: []string{"[email protected]", "[email protected]", "foobar"},
+			ct:     identity.CredentialsTypePassword,
 		},
 		{
 			doc:    `{"emails":["[email protected]","[email protected]"], "username": "foobar"}`,
@@ -43,6 +46,22 @@ func TestSchemaExtensionCredentials(t *testing.T) {
 			existing: &identity.Credentials{
 				Identifiers: []string{"[email protected]"},
 			},
+			ct: identity.CredentialsTypePassword,
+		},
+		{
+			doc:    `{"email":"[email protected]"}`,
+			schema: "file://./stub/extension/credentials/webauthn.schema.json",
+			expect: []string{"[email protected]"},
+			ct:     identity.CredentialsTypeWebAuthn,
+		},
+		{
+			doc:    `{"email":"[email protected]"}`,
+			schema: "file://./stub/extension/credentials/webauthn.schema.json",
+			expect: []string{"[email protected]"},
+			existing: &identity.Credentials{
+				Identifiers: []string{"[email protected]"},
+			},
+			ct: identity.CredentialsTypeWebAuthn,
 		},
 	} {
 		t.Run(fmt.Sprintf("case=%d", k), func(t *testing.T) {
@@ -53,7 +72,7 @@ func TestSchemaExtensionCredentials(t *testing.T) {
 			i := new(identity.Identity)
 			e := identity.NewSchemaExtensionCredentials(i)
 			if tc.existing != nil {
-				i.SetCredentials(identity.CredentialsTypePassword, *tc.existing)
+				i.SetCredentials(tc.ct, *tc.existing)
 			}
 
 			runner.AddRunner(e).Register(c)
@@ -63,7 +82,7 @@ func TestSchemaExtensionCredentials(t *testing.T) {
 			}
 			require.NoError(t, e.Finish())
 
-			credentials, ok := i.GetCredentials(identity.CredentialsTypePassword)
+			credentials, ok := i.GetCredentials(tc.ct)
 			require.True(t, ok)
 			assert.ElementsMatch(t, tc.expect, credentials.Identifiers)
 		})

identity/stub/extension/credentials/webauthn.schema.json

@@ -0,0 +1,19 @@
+{
+  "type": "object",
+  "properties": {
+    "email": {
+      "type": "string",
+      "format": "email",
+      "ory.sh/kratos": {
+        "credentials": {
+          "password": {
+            "identifier": true
+          },
+          "webauthn": {
+            "identifier": true
+          }
+        }
+      }
+    }
+  }
+}

schema/extension.go

@@ -21,6 +21,9 @@ type (
 			Password struct {
 				Identifier bool `json:"identifier"`
 			} `json:"password"`
+			WebAuthn struct {
+				Identifier bool `json:"identifier"`
+			} `json:"webauthn"`
 			TOTP struct {
 				AccountName bool `json:"account_name"`
 			} `json:"totp"`