Redirect on WebAuthn (passwordless) failure

[htbrown]

Hi,

Looking to make my authentik instance redirect users that fail to log in via a passwordless, WebAuthn method back to the starting authentication flow, but I can't find a way to implement a redirect stage to do this and was hoping someone might be able to help.

There's two flows of importance: authentication-identification (which is the normal username/password kind of thing with a button going to the WebAuthn flow) and authentication-webauthn. The latter should be passwordless authentication using WebAuthn, but when it fails it just shows an error message with no way to easily go back to the first flow. From what I can gather, this error message is built in to the Authenticatior Validation Stage type. Ideally, I would like to either have a button that allows a user to go back and retain all context, or have it automatically redirect the user to the identification stage with a suitable message.

I've tried various things with policies and stages in authentication-webauthn with little success. Is there any way to detect if the Authenticator Validation Stage has failed?

Thanks for your help and let me know if there's anything else I can provide.

[rissson]

We don't currently support that, but we've had questions around this previously. Could you open a feature request issue for this?

[htbrown]

Yes of course. See #12973. Let me know if there's anything I can add to be more helpful.

[rissson]

thank you!