[Bug?/Help]: User Auth with Passkey only
Use-case: Authentication in mobile app (built in Flutter) - goal: passwordless only
Environment: self-hosted
Version: 4.6.2
Stack: Zitadel self-hosted in Docker (with Traefik). Mobile app in Flutter with WebAuthn. Backend in Go with Echo. Testing user creation with Postman at the moment.
What I did:
- Create own Org (APP)
- Login Policy for APP: Removed username / password auth (as the tooltip says passwordless only is then possible) -> Screenshot
- Created user without password over API: /v2/users/new -> Screenshot
- Started Passkey process over API: /v2/users/6faaa3f5-d032-45fe-b945-df1ebdc07b41/passkeys/registration_link
- On the mobile phone, added the passkey via the browser: /ui/login/login/passwordless/init?userID=6faaa3f5-d032-45fe-b945-df1ebdc07b41&code=HDufEFUyEBcD&codeID=344747873365131267
- Successful
If I now try to log in via the auth flow in the app, it opens the login page but no passkey request appears. There is also no username field (Screenshot).
If I activate "username and password login" in ORG Settings, the passwordless login works after typing in my username.



1 Reply
Hi @Christian, I'm an AI assistant for ZITADEL. While a team member reviews this question, I'll see if I can find relevant sources for your question.
Answer
I wasn't able to find a direct answer; here are some relevant sources:
1. Login users into your application with a hosted login UI: Explains that users can select a button to initiate passwordless login or use a fall-back method if available, and that the passwordless with passkeys login flow follows the FIDO2/WebAuthn standard.
2. Discord message from @yann.soubeyrand on 2024-11-27: A community discussion about passwordless registration where a ZITADEL team member confirmed that "at the moment one needs to use our API for that" regarding passwordless-only registration flows.
Based on your description, it seems the login page requires username input even with passwordless-only configuration. You might want to click the "Ask for help" button to tag a team member who can review your specific configuration and determine if this is expected behavior or a bug in version 4.6.2.
Feel free to tag @Ask Inkeep with additional questions.