Skip to content

feat: add support for passkey login method #11601

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Open
HynoR wants to merge 12 commits into
base: dev-v2
Choose a base branch
from
Open

feat: add support for passkey login method #11601

HynoR wants to merge 12 commits into from

Conversation

@HynoR
Copy link
Contributor

@HynoR HynoR commented Jan 8, 2026
edited
Loading

合并此功能同时需要更新文档和 1pctl

What this PR does / why we need it?

源自于Issues需求

设计流程

使用go webauthn 进行passkey 相关协议对接,横向扩展新的登录方式
用户在引导情况下启用面板 SSL 配置可信 IP 证书 或者 域名证书(推荐域名避免 ip 变更导致通行密钥失效)后,即可启用 passkey 功能,为设备添加通行密钥。
通行密钥额外走通行密钥的接口,只有配置了通行密钥接口才可被调用。
通行密钥主要考虑便捷性,直接和账号密码登录同级,而不是作为 MFA 替代品(未来也可以支持)

注册通行密钥:
当用户配好可信环境,浏览器 securecontext 为支持,并且支持 passkey 的情况下,可以在设备里添加通行密钥,管理、删除通行密钥。服务器按照 webauthn 只存储公钥

使用通行密钥:
当通行密钥配置完毕,下次登录时默认显示通行密钥登录页面,用户可选通行密钥登录,当设备使用私钥签名后,浏览器会发送硬件签名到后端进行公钥验证,通过则调取 session 给用户登录状态

如果通行密钥不可用,可以回退到默认的账号密码登录。同时如果需要关闭通行密钥,可面板删除通行密钥或者命令行使用 1pctl 清除存储在系统内的通行密钥公钥

用户变更面板域名、或者关闭面板 ssl会自动清空通行密钥,需要用户 重新启用,重新注册通行密钥。

Summary of your change

  • 支持单用户绑定Passkey 登录
  • Passkey 登录失败允许用户回退到账号密码登录
  • 支持 1pctl 一键清空 passkey
  • 基本检查 passkey 的可用性来判断是否可用可添加 passkey
    注:
  • 添加 Passkey 需要添加域名和可信证书来让 浏览器端的WebAuthn执行签名过程。自签证书和非 https 都会拒绝签名。
Clipboard_Screenshot_1767931113 image image

image

Please indicate you've done the following:

  • Made sure tests are passing and test coverage is added if needed.
  • Made sure commit message follow the rule of Conventional Commits specification.
  • Considered the docs impact and opened a new docs issue or PR with docs changes if needed.

@f2c-ci-robot
Copy link

f2c-ci-robot bot commented Jan 8, 2026

Adding the "do-not-merge/release-note-label-needed" label because no release-note block was detected, please follow our release note process to remove it.

Details

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes-sigs/prow repository.

@f2c-ci-robot
Copy link

f2c-ci-robot bot commented Jan 8, 2026

[APPROVALNOTIFIER] This PR is NOT APPROVED

This pull-request has been approved by:
Once this PR has been reviewed and has the lgtm label, please assign wanghe-fit2cloud for approval. For more information see the Code Review Process.

The full list of commands accepted by this bot can be found here.

Details Needs approval from an approver in each of these files:

Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment

@HynoR HynoR marked this pull request as ready for review January 9, 2026 04:52
@HynoR HynoR changed the title [WIP] feat: 支持 Passkey 登录 1Panel 面板 feat: 支持 Passkey 登录 1Panel 面板 Jan 9, 2026
@HynoR HynoR marked this pull request as draft January 9, 2026 11:30
@HynoR HynoR marked this pull request as ready for review January 10, 2026 05:06
@HynoR HynoR changed the title feat: 支持 Passkey 登录 1Panel 面板 feat: add support for passkey login method Jan 13, 2026
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@ssongliu ssongliu Awaiting requested review from ssongliu

@zhengkunwang223 zhengkunwang223 Awaiting requested review from zhengkunwang223

@wanghe-fit2cloud wanghe-fit2cloud Awaiting requested review from wanghe-fit2cloud

Assignees

No one assigned

Labels

do-not-merge/release-note-label-needed

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

1 participant

@HynoR