Update WebAuthn Metadata service and show icons#48551

Open
mabartos wants to merge 1 commit into keycloak:main from mabartos:passkeys-logos

@mabartos mabartos commented Apr 28, 2026

Details

  • Update the WebAuthn metadata service data from the community passkeys project (recommended) - we previously used a proxy library that used the same, but stripped out icons + not up-to-date
  • Add authenticator provider icons (light/dark theme) to WebAuthn credentials, displayed in the Account Console and login page
  • Parse the keycloak-webauthn-metadata.json at Quarkus build time eliminating ~520ms of runtime startup cost
  • Deduplicate shared icon data URIs across authenticator entries (133 unique icons shared by 317 entries) - heap increase only ~1.2MB
  • Filter out icons exceeding 65KB (Quarkus bytecode recorder limit) with debug-level logging, so future JSON updates don't break the build
  • 2026-04-28 15:07:36,521 Build step KeycloakProcessor.configureWebAuthnMetadata completed in: 15ms
  • More info in the issues

Account UI

Old

Screenshot From 2026-04-28 11-32-26

New

Screenshot From 2026-04-28 14-45-10

Login UI

Old

Screenshot From 2026-04-28 11-30-59

New

Screenshot From 2026-04-28 14-45-34
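
An added example, not code from this PR or from Keycloak: a sketch of the icon filtering and deduplication the description lists, run over an already-parsed AAGUID-to-icon map. The class and method names, the reading of "65KB" as 65,535 UTF-8 bytes, and the `data:image/` prefix check are assumptions of this example.

```java
import java.nio.charset.StandardCharsets;
import java.util.HashMap;
import java.util.LinkedHashMap;
import java.util.Map;

public class IconTable {
    // Assumed reading of the "65KB" limit from the description: 65,535 bytes of UTF-8.
    static final int MAX_ICON_BYTES = 65_535;

    record Result(Map<String, String> iconByAaguid, int uniqueIcons, int skipped) {}

    // entries: AAGUID -> icon data URI (may be null), as if already parsed from the JSON.
    static Result build(Map<String, String> entries) {
        Map<String, String> canonical = new HashMap<>(); // icon text -> single shared instance
        Map<String, String> out = new LinkedHashMap<>();
        int skipped = 0;
        for (Map.Entry<String, String> e : entries.entrySet()) {
            String icon = e.getValue();
            if (icon == null) continue;
            boolean tooBig = icon.getBytes(StandardCharsets.UTF_8).length > MAX_ICON_BYTES;
            // Extra check added in this example (not from the PR): accept inline images only.
            boolean notImage = !icon.startsWith("data:image/");
            if (tooBig || notImage) {
                skipped++; // the authenticator entry stays usable, it just has no icon
                continue;
            }
            // Equal strings collapse to one object, so many entries share one copy on the heap.
            out.put(e.getKey(), canonical.computeIfAbsent(icon, k -> k));
        }
        return new Result(out, canonical.size(), skipped);
    }

    public static void main(String[] args) {
        // Constructed sample data; the AAGUIDs and icons are placeholders.
        String shared = "data:image/svg+xml;base64,PHN2Zy8+";
        Map<String, String> entries = new LinkedHashMap<>();
        entries.put("00000000-0000-0000-0000-000000000001", shared);
        entries.put("00000000-0000-0000-0000-000000000002", new String(shared)); // equal, distinct object
        entries.put("00000000-0000-0000-0000-000000000003", "data:image/png;base64," + "A".repeat(70_000));
        entries.put("00000000-0000-0000-0000-000000000004", "https://example.invalid/icon.png");

        Result r = build(entries);
        System.out.println(r.iconByAaguid().size() + " entries with icon, "
                + r.uniqueIcons() + " unique, " + r.skipped() + " skipped");
        // Reference equality shows the two equal icons now share one String instance.
        System.out.println(r.iconByAaguid().get("00000000-0000-0000-0000-000000000001")
                == r.iconByAaguid().get("00000000-0000-0000-0000-000000000002"));
    }
}
```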

@mabartos mabartos changed the title Update WebAuthn Metadata service data and show icons Update WebAuthn Metadata service and show icons Apr 28, 2026
@mabartos mabartos marked this pull request as ready for review April 28, 2026 13:37
@mabartos mabartos requested review from a team as code owners April 28, 2026 13:37
@mabartos mabartos self-assigned this Apr 28, 2026
@mabartos

We might potentially remove the transport information from the login UI, as it might not be something that the user would want to care about IMHO - even for some security keys using BLE or NFC? When there's the label for the specific authn + authenticator type, the authenticator should be easily recognized without the need to know the transport type. WDYT?

Development

Successfully merging this pull request may close these issues.

  • Support icons for Passkeys credentials
  • Update WebAuthn Metadata service data