Support hardware keys prompts in Connect #47652
Open
+2,433
−88
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Closes #30030 #17311 #34415
This is the last PR for a hardware keys support in Connect.
Since
yubikey.go
now supports custom prompts, we can pass it a one that shows modals in the Electron app.The prompts are displayed as important modals. The UX of this is not perfect, since if you have to unlock the hardware key during log-in, you will see a dialog on top of other dialog. Earlier I considered integrating these prompts with a login dialog, but that would require some significant changes on the frontend side (if there’s a login in progress the prompt should be a part of the login dialog, otherwise it should be a standalone dialog). Because of the additional complexity, I kept this out of scope.
TODO: Add hardware keys to the test plan.
Best to review commit-by-commit.
How to test it
PIV=dynamic make build/tsh
(same for teleport)hardware_key_touch_and_pin
to have all possible prompts).changelog: Add support for hardware keys in Teleport Connect