feat: adds webauthn support to the dashboard recipe (#613)

namsnath · web-flow · commit 04699cb309f1 · 2025-08-19T17:29:28.000+05:30
- Bumps dashboard version to `0.15`
- Bumps SDK to `0.30.2`
diff --git a/CHANGELOG.md b/CHANGELOG.md
@@ -8,6 +8,9 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0
 
 ## [unreleased]
 
+## [0.30.2] - 2025-08-14
+- Adds Webauthn user editing support to the Dashboard
+
 ## [0.30.1] - 2025-07-21
 - Adds missing register credential endpoint to the Webauthn recipe
 
diff --git a/setup.py b/setup.py
@@ -82,7 +82,7 @@
 
 setup(
     name="supertokens_python",
-    version="0.30.1",
+    version="0.30.2",
     author="SuperTokens",
     license="Apache 2.0",
     author_email="team@supertokens.com",
diff --git a/supertokens_python/constants.py b/supertokens_python/constants.py
@@ -15,7 +15,7 @@
 from __future__ import annotations
 
 SUPPORTED_CDI_VERSIONS = ["5.3"]
-VERSION = "0.30.1"
+VERSION = "0.30.2"
 TELEMETRY = "/telemetry"
 USER_COUNT = "/users/count"
 USER_DELETE = "/user/remove"
@@ -28,6 +28,6 @@
 FDI_KEY_HEADER = "fdi-version"
 API_VERSION = "/apiversion"
 API_VERSION_HEADER = "cdi-version"
-DASHBOARD_VERSION = "0.13"
+DASHBOARD_VERSION = "0.15"
 ONE_YEAR_IN_MS = 31536000000
 RATE_LIMIT_STATUS_CODE = 429
diff --git a/supertokens_python/recipe/dashboard/api/multitenancy/utils.py b/supertokens_python/recipe/dashboard/api/multitenancy/utils.py
@@ -78,6 +78,7 @@ def factor_id_to_recipe(factor_id: str) -> str:
         "link-email": "Passwordless",
         "link-phone": "Passwordless",
         "totp": "Totp",
+        "webauthn": "WebAuthn",
     }
 
     return factor_id_to_recipe_map.get(factor_id, "")
diff --git a/supertokens_python/recipe/dashboard/api/userdetails/user_put.py b/supertokens_python/recipe/dashboard/api/userdetails/user_put.py
@@ -37,6 +37,11 @@
 )
 from supertokens_python.recipe.usermetadata import UserMetadataRecipe
 from supertokens_python.recipe.usermetadata.asyncio import update_user_metadata
+from supertokens_python.recipe.webauthn.functions import update_user_email
+from supertokens_python.recipe.webauthn.interfaces.recipe import (
+    UnknownUserIdErrorResponse,
+)
+from supertokens_python.recipe.webauthn.recipe import WebauthnRecipe
 from supertokens_python.types import RecipeUserId
 
 from .....types.response import APIResponse
@@ -201,6 +206,31 @@ async def update_email_for_recipe_id(
 
         return OkResponse()
 
+    if recipe_id == "webauthn":
+        validation_error = (
+            await WebauthnRecipe.get_instance().config.validate_email_address(
+                email=email,
+                tenant_id=tenant_id,
+                user_context=user_context,
+            )
+        )
+
+        if validation_error is not None:
+            return InvalidEmailErrorResponse(validation_error)
+
+        email_update_response = await update_user_email(
+            email=email,
+            recipe_user_id=recipe_user_id.get_as_string(),
+            tenant_id=tenant_id,
+            user_context=user_context,
+        )
+
+        if isinstance(email_update_response, EmailAlreadyExistsError):
+            return EmailAlreadyExistsErrorResponse()
+
+        if isinstance(email_update_response, UnknownUserIdErrorResponse):
+            raise Exception("Should never come here")
+
     # If it comes here then the user is a third party user in which case the UI should not have allowed this
     raise Exception("Should never come here")
 
diff --git a/supertokens_python/recipe/dashboard/utils.py b/supertokens_python/recipe/dashboard/utils.py
@@ -18,6 +18,7 @@
 from typing_extensions import Literal
 
 from supertokens_python.recipe.accountlinking.recipe import AccountLinkingRecipe
+from supertokens_python.recipe.webauthn.recipe import WebauthnRecipe
 
 if TYPE_CHECKING:
     from supertokens_python.framework.request import BaseRequest
@@ -217,7 +218,9 @@ async def get_user_for_recipe_id(
 async def _get_user_for_recipe_id(
     recipe_user_id: RecipeUserId, recipe_id: str, user_context: Dict[str, Any]
 ) -> GetUserForRecipeIdHelperResult:
-    recipe: Optional[Literal["emailpassword", "thirdparty", "passwordless"]] = None
+    recipe: Optional[
+        Literal["emailpassword", "thirdparty", "passwordless", "webauthn"]
+    ] = None
 
     user = await AccountLinkingRecipe.get_instance().recipe_implementation.get_user(
         recipe_user_id.get_as_string(), user_context
@@ -257,6 +260,12 @@ async def _get_user_for_recipe_id(
             recipe = "passwordless"
         except Exception:
             pass
+    elif recipe_id == WebauthnRecipe.recipe_id:
+        try:
+            WebauthnRecipe.get_instance()
+            recipe = "webauthn"
+        except Exception:
+            pass
 
     return GetUserForRecipeIdHelperResult(user=user, recipe=recipe)
 
diff --git a/supertokens_python/recipe/multitenancy/api/implementation.py b/supertokens_python/recipe/multitenancy/api/implementation.py
@@ -25,7 +25,7 @@
 from supertokens_python.types.response import GeneralErrorResponse
 
 from ..constants import DEFAULT_TENANT_ID
-from ..interfaces import APIInterface, ThirdPartyProvider
+from ..interfaces import APIInterface, LoginMethodWebauthn, ThirdPartyProvider
 
 
 class APIImplementation(APIInterface):
@@ -115,5 +115,6 @@ async def login_methods_get(
                 enabled="thirdparty" in valid_first_factors,
                 providers=final_provider_list,
             ),
+            webauthn=LoginMethodWebauthn(enabled="webauthn" in valid_first_factors),
             first_factors=valid_first_factors,
         )
diff --git a/supertokens_python/recipe/multitenancy/interfaces.py b/supertokens_python/recipe/multitenancy/interfaces.py
@@ -330,6 +330,16 @@ def to_json(self) -> Dict[str, Any]:
         }
 
 
+class LoginMethodWebauthn:
+    def __init__(self, enabled: bool):
+        self.enabled = enabled
+
+    def to_json(self) -> Dict[str, Any]:
+        return {
+            "enabled": self.enabled,
+        }
+
+
 class LoginMethodThirdParty:
     def __init__(self, enabled: bool, providers: List[ThirdPartyProvider]):
         self.enabled = enabled
@@ -348,12 +358,14 @@ def __init__(
         email_password: LoginMethodEmailPassword,
         passwordless: LoginMethodPasswordless,
         third_party: LoginMethodThirdParty,
+        webauthn: LoginMethodWebauthn,
         first_factors: List[str],
     ):
         self.status = "OK"
         self.email_password = email_password
         self.passwordless = passwordless
         self.third_party = third_party
+        self.webauthn = webauthn
         self.first_factors = first_factors
 
     def to_json(self) -> Dict[str, Any]:
@@ -362,6 +374,7 @@ def to_json(self) -> Dict[str, Any]:
             "emailPassword": self.email_password.to_json(),
             "passwordless": self.passwordless.to_json(),
             "thirdParty": self.third_party.to_json(),
+            "webauthn": self.webauthn.to_json(),
             "firstFactors": self.first_factors,
         }
 

Original file line number	Diff line number	Diff line change
`@@ -78,6 +78,7 @@ def factor_id_to_recipe(factor_id: str) -> str:`
`78`	`78`	`"link-email": "Passwordless",`
`79`	`79`	`"link-phone": "Passwordless",`
`80`	`80`	`"totp": "Totp",`
	`81`	`+ "webauthn": "WebAuthn",`
`81`	`82`	`}`
`82`	`83`
`83`	`84`	`return factor_id_to_recipe_map.get(factor_id, "")`