The initial set of improvements from the research into WebAuthn involves extending the DuoIntegration objects with per-integration features affecting the Subject. They already carry custom Principals so it’s in that general vein.
I would allow for a custom context to Principal mapping hook per-integration, so that the mapping can take into account which integration object is being used.
Secondly, I’d optimize for the case of needing/wanting a UsernamePrincipal to be added based on the username passed to Duo, which would be used in the passwordless case when no other flow gets run, allowing simple c14n to extract out the same username.
Environment
None
Assignee
Scott Cantor
Activity
Philip Smart
January 3, 2024 at 2:10 PM
I will look to add this to the integration objects, just in case it proves useful in the future.
Scott Cantor
January 3, 2024 at 2:08 PM
What I did was enough for my use case here. If we want to do more, we can, passing back.
Scott Cantor
December 28, 2023 at 7:24 PM
I’ll do an initial pass on this with the basic requirements for Passwordless. I think we can handle the UsernamePrincipal case easily by just adding that iff the integration has the passwordless flag set.
I’ll also add per-integration factor enforcement as a general feature.