trustchain-oc1-orchestral
/
authentik
Archived
10
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

website/docs: fix passwordless docs, cross-link both 

closes #3803

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
This commit is contained in:
Jens Langhammer 2022-10-18 21:38:01 +02:00
parent e9eede5a80
commit bb43c49b1e
3 changed files with 8 additions and 5 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

5
Makefile
View File

@ -151,7 +151,7 @@ web-extract:
## Website
#########################
website: website-lint-fix
website: website-lint-fix website-build
website-install:
cd website && npm ci
@ -159,6 +159,9 @@ website-install:
website-lint-fix:
cd website && npm run prettier
website-build:
cd website && npm run build
website-watch:
cd website && npm run watch

2
website/docs/flow/stages/authenticator_validate/index.md
View File

@ -35,7 +35,7 @@ You can configure this stage to only ask for MFA validation if the user hasn't a
Requires authentik 2021.12.4
:::
Passwordless authentication currently only supports WebAuthn devices, like security keys and biometrics.
Passwordless authentication currently only supports WebAuthn devices, like security keys and biometrics. For an alternate passwordless setup, see [Password stage](../password/index.md#passwordless-login), which supports other types.
To configure passwordless authentication, create a new Flow with the delegation set to _Authentication_.

6
website/docs/flow/stages/password/index.md
View File

@ -6,7 +6,7 @@ This is a generic password prompt which authenticates the current `pending_user`
## Passwordless login
To achieve a "passwordless" experience; authenticating users based only on TOTP/WebAuthn/Duo, create an expression policy and optionally skip the password stage.
There are two different ways to configure passwordless authentication; you can follow the instructions [here](../authenticator_validate/index.md#passwordless-authentication) to allow users to directly authenticate with their authenticator (only supported for WebAuthn devices), or dynamically skip the password stage depending on the users device, which is documented here.
Depending on what kind of device you want to require the user to have:
@ -14,14 +14,14 @@ Depending on what kind of device you want to require the user to have:
```python
from authentik.stages.authenticator_webauthn.models import WebAuthnDevice
return WebAuthnDevice.objects.filter(user=request.user, confirmed=True).exists()
return WebAuthnDevice.objects.filter(user=request.context['pending_user'], confirmed=True).exists()
```
#### Duo
```python
from authentik.stages.authenticator_duo.models import DuoDevice
return DuoDevice.objects.filter(user=request.user, confirmed=True).exists()
return DuoDevice.objects.filter(user=request.context['pending_user'], confirmed=True).exists()
```
Afterwards, bind the policy you've created to the stage binding of the password stage.