feat: add webauthn configuration variables (#1773)

J0 · cemalkilic · commit c0f167cc2b50 · 2025-08-07T15:14:32.000+02:00
## What kind of change does this PR introduce?

Add `MFA_WEB_AUTHN_ENROLL_ENABLED` and `MFA_WEB_AUTHN_VERIFY_ENABLED` in
support of the MFA WebAuthn implementation.
diff --git a/example.env b/example.env
@@ -233,3 +233,6 @@ GOTRUE_HOOK_CUSTOM_SMS_PROVIDER_SECRET=""
 # Test OTP Config
 GOTRUE_SMS_TEST_OTP="<phone-1>:<otp-1>, <phone-2>:<otp-2>..."
 GOTRUE_SMS_TEST_OTP_VALID_UNTIL="<ISO date time>" # (e.g. 2023-09-29T08:14:06Z)
+
+GOTRUE_MFA_WEB_AUTHN_ENROLL_ENABLED="false"
+GOTRUE_MFA_WEB_AUTHN_VERIFY_ENABLED="false"
diff --git a/internal/conf/configuration.go b/internal/conf/configuration.go
@@ -111,18 +111,22 @@ type JWTConfiguration struct {
 }
 
 type MFAFactorTypeConfiguration struct {
+	EnrollEnabled bool `json:"enroll_enabled" split_words:"true" default:"false"`
+	VerifyEnabled bool `json:"verify_enabled" split_words:"true" default:"false"`
+}
+
+type TOTPFactorTypeConfiguration struct {
 	EnrollEnabled bool `json:"enroll_enabled" split_words:"true" default:"true"`
 	VerifyEnabled bool `json:"verify_enabled" split_words:"true" default:"true"`
 }
 
 type PhoneFactorTypeConfiguration struct {
 	// Default to false in order to ensure Phone MFA is opt-in
-	EnrollEnabled bool               `json:"enroll_enabled" split_words:"true" default:"false"`
-	VerifyEnabled bool               `json:"verify_enabled" split_words:"true" default:"false"`
-	OtpLength     int                `json:"otp_length" split_words:"true"`
-	SMSTemplate   *template.Template `json:"-"`
-	MaxFrequency  time.Duration      `json:"max_frequency" split_words:"true"`
-	Template      string             `json:"template"`
+	MFAFactorTypeConfiguration
+	OtpLength    int                `json:"otp_length" split_words:"true"`
+	SMSTemplate  *template.Template `json:"-"`
+	MaxFrequency time.Duration      `json:"max_frequency" split_words:"true"`
+	Template     string             `json:"template"`
 }
 
 // MFAConfiguration holds all the MFA related Configuration
@@ -133,7 +137,8 @@ type MFAConfiguration struct {
 	MaxEnrolledFactors          float64                      `split_words:"true" default:"10"`
 	MaxVerifiedFactors          int                          `split_words:"true" default:"10"`
 	Phone                       PhoneFactorTypeConfiguration `split_words:"true"`
-	TOTP                        MFAFactorTypeConfiguration   `split_words:"true"`
+	TOTP                        TOTPFactorTypeConfiguration  `split_words:"true"`
+	WebAuthn                    MFAFactorTypeConfiguration   `split_words:"true"`
 }
 
 type APIConfiguration struct {
