PM-5001 - WebAuthn-Login.strategy - set user key should set the master key encrypted user key if it exists so that the passkey authN + MP decryption flow can work. (#6978)

libs/common/src/auth/login-strategies/webauthn-login.strategy.spec.ts

@@ -179,7 +179,11 @@ describe("WebAuthnLoginStrategy", () => {
     // Act
     await webAuthnLoginStrategy.logIn(webAuthnCredentials);
 
-    // // Assert
+    // Assert
+    // Master key encrypted user key should be set
+    expect(cryptoService.setMasterKeyEncryptedUserKey).toHaveBeenCalledTimes(1);
+    expect(cryptoService.setMasterKeyEncryptedUserKey).toHaveBeenCalledWith(idTokenResponse.key);
+
     expect(cryptoService.decryptToBytes).toHaveBeenCalledTimes(1);
     expect(cryptoService.decryptToBytes).toHaveBeenCalledWith(
       idTokenResponse.userDecryptionOptions.webAuthnPrfOption.encryptedPrivateKey,

libs/common/src/auth/login-strategies/webauthn-login.strategy.ts

@@ -15,6 +15,13 @@ export class WebAuthnLoginStrategy extends LoginStrategy {
   }
 
   protected override async setUserKey(idTokenResponse: IdentityTokenResponse) {
+    const masterKeyEncryptedUserKey = idTokenResponse.key;
+
+    if (masterKeyEncryptedUserKey) {
+      // set the master key encrypted user key if it exists
+      await this.cryptoService.setMasterKeyEncryptedUserKey(masterKeyEncryptedUserKey);
+    }
+
     const userDecryptionOptions = idTokenResponse?.userDecryptionOptions;
 
     if (userDecryptionOptions?.webAuthnPrfOption) {