website/docs: add passwordless docs

closes #1863

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
This commit is contained in:
Jens Langhammer 2021-12-02 15:48:34 +01:00
parent 02771683a6
commit 692e75b057
1 changed files with 24 additions and 0 deletions

@ -3,3 +3,27 @@ title: Password stage
--- ---
This is a generic password prompt which authenticates the current `pending_user`. This stage allows the selection of the source the user is authenticated against. This is a generic password prompt which authenticates the current `pending_user`. This stage allows the selection of the source the user is authenticated against.
## Passwordless login
To achieve a "passwordless" experience; authenticating users based only on TOTP/WebAuthn/Duo, create an expression policy and optionally skip the password stage.
Depending on what kind of device you want to require the user to have:
#### WebAuthn
```python
from authentik.stages.authenticator_webauthn.models import WebAuthnDevice
return WebAuthnDevice.objects.filter(user=request.user, active=True).exists()
```
#### Duo
```python
from authentik.stages.authenticator_duo.models import DuoDevice
return DuoDevice.objects.filter(user=request.user, active=True).exists()
```
Afterwards, bind the policy you've created to the stage binding of the password stage.
Make sure to uncheck *Evaluate on plan* and check *Re-evaluate policies*, otherwise an invalid result will be cached.
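Review bot: Both expression snippets filter on `request.user`, while the opening paragraph says the password stage authenticates the current `pending_user`. Since this policy is evaluated before the password stage has run, please confirm `request.user` is the identified user at that point, or look the device up via the pending user instead. The text should also state which result skips the stage: as written the expression returns True when a device exists, and the reader cannot tell whether a True result on the stage binding runs or skips the password prompt. Smaller points: the intro lists TOTP/WebAuthn/Duo but there is no TOTP snippet, the headings jump from `##` to `####`, and the semicolon after "experience" should be a comma.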