From e0b51e4df57d0e6068783f35a6e44291fea2fa75 Mon Sep 17 00:00:00 2001
From: bjoern-m <56024829+bjoern-m@users.noreply.github.com>
Date: Thu, 21 Jul 2022 09:58:57 +0200
Subject: [PATCH] Feat: android support (#145)

* chore(backend): use 'ResidentKeyRequirementPreferred' during credential registration
* chore(hanko-js): hide passkey button on android
---
 backend/handler/webauthn.go          | 2 +-
 backend/handler/webauthn_test.go     | 2 +-
 hanko-js/src/ui/pages/LoginEmail.tsx | 7 ++++++-
 3 files changed, 8 insertions(+), 3 deletions(-)

diff --git a/backend/handler/webauthn.go b/backend/handler/webauthn.go
index ca6d8bd2..c9b902a5 100644
--- a/backend/handler/webauthn.go
+++ b/backend/handler/webauthn.go
@@ -77,7 +77,7 @@ func (h *WebauthnHandler) BeginRegistration(c echo.Context) error {
 		webauthn.WithAuthenticatorSelection(protocol.AuthenticatorSelection{
 			AuthenticatorAttachment: protocol.Platform,
 			RequireResidentKey:      &t,
-			ResidentKey:             protocol.ResidentKeyRequirementRequired,
+			ResidentKey:             protocol.ResidentKeyRequirementPreferred,
 			UserVerification:        protocol.VerificationRequired,
 		}),
 		webauthn.WithConveyancePreference(protocol.PreferNoAttestation),
diff --git a/backend/handler/webauthn_test.go b/backend/handler/webauthn_test.go
index 41328bfd..544642aa 100644
--- a/backend/handler/webauthn_test.go
+++ b/backend/handler/webauthn_test.go
@@ -50,7 +50,7 @@ func TestWebauthnHandler_BeginRegistration(t *testing.T) {
 		assert.NotEmpty(t, creationOptions.Response.Challenge)
 		assert.Equal(t, userIdBytes, creationOptions.Response.User.ID)
 		assert.Equal(t, defaultConfig.RelyingParty.Id, creationOptions.Response.RelyingParty.ID)
-		assert.Equal(t, creationOptions.Response.AuthenticatorSelection.ResidentKey, protocol.ResidentKeyRequirementRequired)
+		assert.Equal(t, creationOptions.Response.AuthenticatorSelection.ResidentKey, protocol.ResidentKeyRequirementPreferred)
 		assert.Equal(t, creationOptions.Response.AuthenticatorSelection.UserVerification, protocol.VerificationRequired)
 		assert.True(t, *creationOptions.Response.AuthenticatorSelection.RequireResidentKey)
 	}
diff --git a/hanko-js/src/ui/pages/LoginEmail.tsx b/hanko-js/src/ui/pages/LoginEmail.tsx
index 6fddaa40..06261b10 100644
--- a/hanko-js/src/ui/pages/LoginEmail.tsx
+++ b/hanko-js/src/ui/pages/LoginEmail.tsx
@@ -43,6 +43,11 @@ const LoginEmail = () => {
   const [isAuthenticatorSupported, setIsAuthenticatorSupported] =
     useState<boolean>(null);
 
+  // isAndroidUserAgent is used to determine whether the "Login with Passkey" button should be visible, as there is
+  // currently no resident key support on Android.
+  const isAndroidUserAgent =
+    window.navigator.userAgent.indexOf("Android") !== -1;
+
   const onEmailInput = (event: Event) => {
     if (event.target instanceof HTMLInputElement) {
       setEmail(event.target.value);
@@ -161,7 +166,7 @@ const LoginEmail = () => {
         />
         <Button isLoading={isEmailLoading}>{t("labels.continue")}</Button>
       </Form>
-      {isAuthenticatorSupported ? (
+      {isAuthenticatorSupported && !isAndroidUserAgent ? (
         <Fragment>
           <Divider />
           <Form onSubmit={onWebAuthnSubmit}>