feat(settings): wire passkey management UI to backend#20380
Merged
MagentaManifold merged 1 commit intomainfrom Apr 22, 2026
Merged
feat(settings): wire passkey management UI to backend#20380MagentaManifold merged 1 commit intomainfrom
MagentaManifold merged 1 commit intomainfrom
Conversation
Contributor
There was a problem hiding this comment.
Pull request overview
Wires the Settings “Passkeys” management UI into the FxA backend by adding passkeys to the settings account state/storage model, fetching passkeys from auth-server, and invoking backend APIs for passkey operations. It also fixes auth-server passkey handlers to treat uid as hex when constructing buffers.
Changes:
- Add
passkeysto settings account state, unified localStorage schema, and account data fetching/refresh flows. - Update Settings UI components (UnitRowPasskey/PasskeySubRow) to read passkeys from account context and call backend passkey APIs.
- Fix auth-server passkey/account handlers to use
Buffer.from(uid, 'hex')when querying passkeys.
Reviewed changes
Copilot reviewed 16 out of 16 changed files in this pull request and generated 7 comments.
Show a summary per file
| File | Description |
|---|---|
| packages/fxa-settings/src/models/contexts/AppContext.ts | Adds passkeys to the default mock account context. |
| packages/fxa-settings/src/models/contexts/AccountStateContext.tsx | Extends account state model to include passkeys and serializes it through unified storage. |
| packages/fxa-settings/src/models/Account.ts | Adds passkeys getter, refresh support, and passkey delete/rename methods. |
| packages/fxa-settings/src/lib/hooks/useAccountData.ts | Adds passkeys support to consolidated account fetch/field refetch logic. |
| packages/fxa-settings/src/lib/account-storage.ts | Extends unified localStorage schema to persist passkeys. |
| packages/fxa-settings/src/components/Settings/UnitRowPasskey/index.tsx | Switches to reading passkeys from useAccount() and keys subrows by credentialId. |
| packages/fxa-settings/src/components/Settings/UnitRowPasskey/index.test.tsx | Updates tests to provide passkeys through AppContext. |
| packages/fxa-settings/src/components/Settings/UnitRowPasskey/index.stories.tsx | Updates stories to provide passkeys (and mock passkey methods) via AppContext. |
| packages/fxa-settings/src/components/Settings/SubRow/index.tsx | Updates passkey row data shape and calls account.deletePasskey from UI. |
| packages/fxa-settings/src/components/Settings/SubRow/index.test.tsx | Updates passkey subrow tests to mock useAccount() instead of passing deletePasskey as a prop. |
| packages/fxa-settings/src/components/Settings/SubRow/index.stories.tsx | Updates passkey stories to new passkey data shape. |
| packages/fxa-settings/src/components/Settings/Security/index.tsx | Adds UnitRowPasskey into Security settings behind a feature flag. |
| packages/fxa-content-server/server/config/local.json-dist | Adds passkey-related feature flags to local config template. |
| packages/fxa-auth-server/lib/routes/passkeys.ts | Uses hex-decoding for uid buffer conversion in passkey routes. |
| packages/fxa-auth-server/lib/routes/account.ts | Uses hex-decoding for uid when listing passkeys in the consolidated /account response. |
| libs/accounts/passkey/src/lib/passkey.repository.in.spec.ts | Updates test description to reflect lastUsedAt naming. |
💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.
MagentaManifold
force-pushed
the
FXA-13073
branch
from
77e2f9f to
bdfe514
Compare
5 tasks
5 tasks
MagentaManifold
force-pushed
the
FXA-13073
branch
3 times, most recently
from
4a81b63 to
3779e55
Compare
dschom
reviewed
Apr 22, 2026
| * Deletes the passkey identified by `credentialId`. | ||
| * Requires a cached MFA JWT with scope `passkey`. | ||
| */ | ||
| async deletePasskey(credentialId: string): Promise<void> { |
Contributor
There was a problem hiding this comment.
Valerie made a comment on my PR that we wanted to move away from using Account.ts and use auth-client directly. Personally I don't see this a blocker, but @vpomerleau what are your thoughts?
Contributor
There was a problem hiding this comment.
In this case since it ties in with the data fetching/refresh, this probably makes sense? But I'll admit I haven't looked closely at this model since we switched from graphql to REST
dschom
reviewed
Apr 22, 2026
| LinkedAccount, | ||
| SecurityEvent, | ||
| } from '../Account'; | ||
| import type { Passkey } from 'fxa-auth-client'; |
MagentaManifold
force-pushed
the
FXA-13073
branch
from
3779e55 to
566fb88
Compare
vpomerleau
reviewed
Apr 22, 2026
Contributor
vpomerleau
left a comment
vpomerleau
left a comment
There was a problem hiding this comment.
Tested locally and all happy paths appear to be working as expected 🚀
I would just recommend a change to the error handling before merging.
Because: * we want passkey management UI to actually work This commit: * wires passkey management UI to backend Closes FXA-13073
MagentaManifold
force-pushed
the
FXA-13073
branch
from
566fb88 to
02e3c30
Compare
vpomerleau
approved these changes
Apr 22, 2026
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Because
This pull request
Issue that this pull request solves
Closes: FXA-13073
Checklist
Put an
xin the boxes that applyHow to review (Optional)
Screenshots (Optional)
Please attach the screenshots of the changes made in case of change in user interface.
Other information (Optional)
I checked with UX, and passkey delete indeed should be a modal, while registration is a separate page.