fix: also offer passkey on duplicate cred err

ory · Apr 26, 2024 · 7c5b1b8 · 7c5b1b8
1 parent 81dd37c
commit 7c5b1b8
Show file tree

Hide file tree

Showing 3 changed files with 21 additions and 1 deletion.
diff --git a/identity/manager.go b/identity/manager.go
@@ -243,6 +243,24 @@ func (m *Manager) findExistingAuthMethod(ctx context.Context, e error, i *Identi
 				identifierHint = cred.Identifiers[0]
 			}
 
+			for _, webauthn := range cfg.Credentials {
+				if webauthn.IsPasswordless {
+					duplicateCredErr.AddCredentialsType(cred.Type)
+					duplicateCredErr.SetIdentifierHint(identifierHint)
+					break
+				}
+			}
+		case CredentialsTypePasskey:
+			var cfg CredentialsWebAuthnConfig
+			if err := json.Unmarshal(cred.Config, &cfg); err != nil {
+				return errors.WithStack(herodot.ErrInternalServerError.WithReasonf("Unable to JSON decode identity credentials %s for identity %s.", cred.Type, found.ID))
+			}
+
+			identifierHint := foundConflictAddress
+			if len(cred.Identifiers) > 0 {
+				identifierHint = cred.Identifiers[0]
+			}
+
 			for _, webauthn := range cfg.Credentials {
 				if webauthn.IsPasswordless {
 					duplicateCredErr.AddCredentialsType(cred.Type)

diff --git a/selfservice/strategy/passkey/passkey_registration_test.go b/selfservice/strategy/passkey/passkey_registration_test.go
@@ -372,7 +372,7 @@ func TestRegistration(t *testing.T) {
 					assert.Contains(t, gjson.Get(actual, "ui.action").String(), fix.publicTS.URL+registration.RouteSubmitFlow, "%s", actual)
 					registrationhelpers.CheckFormContent(t, []byte(actual), "csrf_token", "traits.username")
 					assert.Equal(t,
-						"You tried signing in with "+email+" which is already in use by another account.",
+						"You tried signing in with "+email+" which is already in use by another account. You can sign in using your passkey.",
 						gjson.Get(actual, "ui.messages.0.text").String(), "%s", actual)
 				})
 			}

diff --git a/text/message_validation.go b/text/message_validation.go
@@ -286,6 +286,8 @@ func NewErrorValidationDuplicateCredentialsWithHints(availableCredentialTypes []
 				humanReadable = append(humanReadable, "social sign in")
 			case "webauthn":
 				humanReadable = append(humanReadable, "your passkey or a security key")
+			case "passkey":
+				humanReadable = append(humanReadable, "your passkey")
 			}
 		}
 		if len(humanReadable) == 0 {