website/docs: fix passwordless docs, cross-link both
closes #3803 Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
This commit is contained in:
parent
e9eede5a80
commit
bb43c49b1e
5
Makefile
5
Makefile
|
@ -151,7 +151,7 @@ web-extract:
|
||||||
## Website
|
## Website
|
||||||
#########################
|
#########################
|
||||||
|
|
||||||
website: website-lint-fix
|
website: website-lint-fix website-build
|
||||||
|
|
||||||
website-install:
|
website-install:
|
||||||
cd website && npm ci
|
cd website && npm ci
|
||||||
|
@ -159,6 +159,9 @@ website-install:
|
||||||
website-lint-fix:
|
website-lint-fix:
|
||||||
cd website && npm run prettier
|
cd website && npm run prettier
|
||||||
|
|
||||||
|
website-build:
|
||||||
|
cd website && npm run build
|
||||||
|
|
||||||
website-watch:
|
website-watch:
|
||||||
cd website && npm run watch
|
cd website && npm run watch
|
||||||
|
|
||||||
|
|
|
@ -35,7 +35,7 @@ You can configure this stage to only ask for MFA validation if the user hasn't a
|
||||||
Requires authentik 2021.12.4
|
Requires authentik 2021.12.4
|
||||||
:::
|
:::
|
||||||
|
|
||||||
Passwordless authentication currently only supports WebAuthn devices, like security keys and biometrics.
|
Passwordless authentication currently only supports WebAuthn devices, like security keys and biometrics. For an alternate passwordless setup, see [Password stage](../password/index.md#passwordless-login), which supports other types.
|
||||||
|
|
||||||
To configure passwordless authentication, create a new Flow with the delegation set to _Authentication_.
|
To configure passwordless authentication, create a new Flow with the delegation set to _Authentication_.
|
||||||
|
|
||||||
|
|
|
@ -6,7 +6,7 @@ This is a generic password prompt which authenticates the current `pending_user`
|
||||||
|
|
||||||
## Passwordless login
|
## Passwordless login
|
||||||
|
|
||||||
To achieve a "passwordless" experience; authenticating users based only on TOTP/WebAuthn/Duo, create an expression policy and optionally skip the password stage.
|
There are two different ways to configure passwordless authentication; you can follow the instructions [here](../authenticator_validate/index.md#passwordless-authentication) to allow users to directly authenticate with their authenticator (only supported for WebAuthn devices), or dynamically skip the password stage depending on the users device, which is documented here.
|
||||||
|
|
||||||
Depending on what kind of device you want to require the user to have:
|
Depending on what kind of device you want to require the user to have:
|
||||||
|
|
||||||
|
@ -14,14 +14,14 @@ Depending on what kind of device you want to require the user to have:
|
||||||
|
|
||||||
```python
|
```python
|
||||||
from authentik.stages.authenticator_webauthn.models import WebAuthnDevice
|
from authentik.stages.authenticator_webauthn.models import WebAuthnDevice
|
||||||
return WebAuthnDevice.objects.filter(user=request.user, confirmed=True).exists()
|
return WebAuthnDevice.objects.filter(user=request.context['pending_user'], confirmed=True).exists()
|
||||||
```
|
```
|
||||||
|
|
||||||
#### Duo
|
#### Duo
|
||||||
|
|
||||||
```python
|
```python
|
||||||
from authentik.stages.authenticator_duo.models import DuoDevice
|
from authentik.stages.authenticator_duo.models import DuoDevice
|
||||||
return DuoDevice.objects.filter(user=request.user, confirmed=True).exists()
|
return DuoDevice.objects.filter(user=request.context['pending_user'], confirmed=True).exists()
|
||||||
```
|
```
|
||||||
|
|
||||||
Afterwards, bind the policy you've created to the stage binding of the password stage.
|
Afterwards, bind the policy you've created to the stage binding of the password stage.
|
||||||
|
|
Reference in New Issue