Integrate a username collection view into existing Duo flow
Activity
Scott Cantor January 16, 2024 at 8:07 PMEdited
The form was redone again to move it back to a single form and moved the password button to the bottom. Error handling also extended a bit.
Added a flag now to prevent the initial form preload from doing the enrollment check or signaling any error events, so the initial render should be clean.
Scott Cantor January 16, 2024 at 4:17 PM
I moved the management of the username cookie to the CheckEnrollment action. It caches the name any time enrollment checking succeeds, unless the bypass checkbox is submitted, in which case it clears the cookie.
The cookie is left alone if the username doesn’t change, but since the first time in it generally “changes” from null to a value derived from the old cookie, it should replace the cookie under the current sealer key.
Scott Cantor January 10, 2024 at 6:52 PM
Reimplemented to match IdP changes, but pending cookie issues.
Scott Cantor January 10, 2024 at 6:51 PM
Revisiting population of username.
Scott Cantor January 8, 2024 at 5:24 PM
One remaining need is to add a hook for username normalization beyond just text transformation.
This may be a failed experiment but I’m thinking of trying to embed the username collection and enrollment checking features into the existing flow. Reason for that is Spring scope. If we do a separate flow, the only way to leverage the Duo API to check for enrollment status is to move the integration objects (and who knows how much else) into the root context so another webflow can get at them.
I think this overall need is specific enough to Duo that it probably belongs inside the plugin if it works out. In comparison, while the standard webauthn plugin might need something “similar” it’s not similar enough. No Duo overlap plus the option for resident keys means the username is even optional there, but it’s not with Duo.