[Browser MFA] Add Browser MFA UI#64692
Conversation
danielashare
added
no-changelog
|
is there a missing PR in the description that is required to test this myself? b/c i wasn't able to make it work. ( i checked out this branch, re-built teleport and tsh) |
Sorry about that @kimlisa, the (mainly PoC, doesn't have tests etc) PR is compiled together on |
![chatgpt-codex-connector[bot]](https://avatars.githubusercontent.com/in/1144995?s=60&v=4){kind=small}
There was a problem hiding this comment.
💡 Codex Review
Here are some automated review suggestions for this pull request.
Reviewed commit: 77d83b13b0
ℹ️ About Codex in GitHub
Codex has been enabled to automatically review pull requests in this repo. Reviews are triggered when you
- Open a pull request for review
- Mark a draft as ready
- Comment "@codex review".
If Codex has suggestions, it will comment; otherwise it will react with 👍.
When you sign up for Codex through ChatGPT, Codex can also answer questions or update the PR, like "@codex address that feedback".
There was a problem hiding this comment.
💡 Codex Review
Here are some automated review suggestions for this pull request.
Reviewed commit: 10fc7fd8a5
ℹ️ About Codex in GitHub
Codex has been enabled to automatically review pull requests in this repo. Reviews are triggered when you
- Open a pull request for review
- Mark a draft as ready
- Comment "@codex review".
If Codex has suggestions, it will comment; otherwise it will react with 👍.
When you sign up for Codex through ChatGPT, Codex can also answer questions or update the PR, like "@codex address that feedback".
There was a problem hiding this comment.
💡 Codex Review
Here are some automated review suggestions for this pull request.
Reviewed commit: 6ccb634ba2
ℹ️ About Codex in GitHub
Codex has been enabled to automatically review pull requests in this repo. Reviews are triggered when you
- Open a pull request for review
- Mark a draft as ready
- Comment "@codex review".
If Codex has suggestions, it will comment; otherwise it will react with 👍.
When you sign up for Codex through ChatGPT, Codex can also answer questions or update the PR, like "@codex address that feedback".
There was a problem hiding this comment.
💡 Codex Review
Here are some automated review suggestions for this pull request.
Reviewed commit: d6ae2176b3
ℹ️ About Codex in GitHub
Codex has been enabled to automatically review pull requests in this repo. Reviews are triggered when you
- Open a pull request for review
- Mark a draft as ready
- Comment "@codex review".
If Codex has suggestions, it will comment; otherwise it will react with 👍.
When you sign up for Codex through ChatGPT, Codex can also answer questions or update the PR, like "@codex address that feedback".
There was a problem hiding this comment.
💡 Codex Review
Here are some automated review suggestions for this pull request.
Reviewed commit: 2430eb4851
ℹ️ About Codex in GitHub
Codex has been enabled to automatically review pull requests in this repo. Reviews are triggered when you
- Open a pull request for review
- Mark a draft as ready
- Comment "@codex review".
If Codex has suggestions, it will comment; otherwise it will react with 👍.
When you sign up for Codex through ChatGPT, Codex can also answer questions or update the PR, like "@codex address that feedback".
There was a problem hiding this comment.
💡 Codex Review
Here are some automated review suggestions for this pull request.
Reviewed commit: 0dbbaaddb5
ℹ️ About Codex in GitHub
Codex has been enabled to automatically review pull requests in this repo. Reviews are triggered when you
- Open a pull request for review
- Mark a draft as ready
- Comment "@codex review".
If Codex has suggestions, it will comment; otherwise it will react with 👍.
When you sign up for Codex through ChatGPT, Codex can also answer questions or update the PR, like "@codex address that feedback".
There was a problem hiding this comment.
💡 Codex Review
Here are some automated review suggestions for this pull request.
Reviewed commit: 46b7b4d874
ℹ️ About Codex in GitHub
Codex has been enabled to automatically review pull requests in this repo. Reviews are triggered when you
- Open a pull request for review
- Mark a draft as ready
- Comment "@codex review".
If Codex has suggestions, it will comment; otherwise it will react with 👍.
When you sign up for Codex through ChatGPT, Codex can also answer questions or update the PR, like "@codex address that feedback".
There was a problem hiding this comment.
💡 Codex Review
Here are some automated review suggestions for this pull request.
Reviewed commit: 6a4d155cce
ℹ️ About Codex in GitHub
Codex has been enabled to automatically review pull requests in this repo. Reviews are triggered when you
- Open a pull request for review
- Mark a draft as ready
- Comment "@codex review".
If Codex has suggestions, it will comment; otherwise it will react with 👍.
When you sign up for Codex through ChatGPT, Codex can also answer questions or update the PR, like "@codex address that feedback".
danielashare
force-pushed
the
danielashare/browser-mfa-ui
branch
from
6a4d155 to
f21d51d
Compare
|
|
||
| import { validateClientRedirect } from '../../../shared/redirects/urlValidation'; | ||
|
|
||
| interface BrowserMFAProps { |
There was a problem hiding this comment.
| interface BrowserMFAProps { | |
| interface BrowserMfaProps { |
I know it's tough when switching between frontend and backend, but we only use all caps in the Go code.
There was a problem hiding this comment.
It'll sink in one day 🤦♂️ cheers
|
Codex usage limits have been reached for code reviews. Please check with the admins of this repo to increase the limits by adding credits. |
danielashare
force-pushed
the
danielashare/browser-mfa-ui
branch
from
41c2ec9 to
8b393a2
Compare
|
Codex usage limits have been reached for code reviews. Please check with the admins of this repo to increase the limits by adding credits. |
public-teleport-github-review-bot
Bot
removed the request for review
from charlestp
danielashare
force-pushed
the
danielashare/browser-mfa-ui
branch
from
8b393a2 to
6c6f691
Compare
|
Codex usage limits have been reached for code reviews. Please check with the admins of this repo to increase the limits by adding credits. |
|
@danielashare See the table below for backport results.
|
[Browser MFA] Add protobuf and config (#63831) [Browser MFA] Add proto for Browser MFA feature (#64048) [Browser MFA] Add CompleteBrowserMFAChallenge gRPC (#63873) [Browser MFA] Rename browser mfa config name (#64980) [Browser MFA] Add BrowserMFARequestID to CreateAuthenticateChallenge (#63945) [Browser MFA] Add Browser MFA to challenge request flow (#63936) [Browser MFA] Add initial requests for browser MFA process to client tools (#64301) [Browser MFA] Add tsh callback handling for webauthn response (#64461) [Browser MFA] Add Browser MFA to presence checks (#65052) [Browser MFA] Add browser MFA path to MFA finish flow (#64523) [Browser MFA] Add Browser MFA to Connect (#64887) [Browser MFA] Add Browser MFA UI (#64692) [Browser MFA] Fix formatting in moderated sessions (#65236) [Browser MFA] Add Browser MFA ceremony tests
[Browser MFA] Add protobuf and config (gravitational#63831) [Browser MFA] Add proto for Browser MFA feature (gravitational#64048) [Browser MFA] Add CompleteBrowserMFAChallenge gRPC (gravitational#63873) [Browser MFA] Rename browser mfa config name (gravitational#64980) [Browser MFA] Add BrowserMFARequestID to CreateAuthenticateChallenge (gravitational#63945) [Browser MFA] Add Browser MFA to challenge request flow (gravitational#63936) [Browser MFA] Add initial requests for browser MFA process to client tools (gravitational#64301) [Browser MFA] Add tsh callback handling for webauthn response (gravitational#64461) [Browser MFA] Add Browser MFA to presence checks (gravitational#65052) [Browser MFA] Add browser MFA path to MFA finish flow (gravitational#64523) [Browser MFA] Add Browser MFA to Connect (gravitational#64887) [Browser MFA] Add Browser MFA UI (gravitational#64692) [Browser MFA] Fix formatting in moderated sessions (gravitational#65236) [Browser MFA] Add Browser MFA ceremony tests
4 participants
This PR adds the UI for the Browser MFA feature. The RFD for this feature can be found here. Tracking issue #63987.
These changes address this part of the flow from the above RFD (with the Auth interactions cut out for brevity):
sequenceDiagram participant tsh participant browser as Browser participant proxy as Proxy tsh->>browser: Open browser to:<br/>https://teleport.example.com/web/mfa/browser/:request_id activate browser browser->>proxy: GET /web/mfa/browser/:request_id proxy->>browser: Render MFA page browser->>proxy: POST /webapi/mfa/authenticatechallenge<br/>w/ browser_mfa_request_id proxy->>browser: MFA Challenge browser-->>browser: Display WebAuthn prompt browser->>browser: User taps TouchID /<br/>Uses password manager passkey browser->>proxy: PUT /webapi/mfa/browser/:request_id proxy-->>browser: HTTP 200 with redirect URL browser->>tsh: Redirect to callback URL<br/>http://127.0.0.1:port/callback?response={encrypted_webauthn} deactivate browserQuick demo: https://github.com/user-attachments/assets/eea50890-e4fb-4e65-9dd8-4151634bd252
Manual Test Plan
Test Environment
UI tested on a Teleport instance running this branch locally, with backend requests being sent to a Teleport instance that has Browser MFA server-side changes (
danielashare/tsh-browser-mfa-sso). SSO supported by a local keycloak instance.Test Cases
baddomain.comis caught by local validation