- Add a configure_webauthn helper to sync.sh that sets the
WebAuthn policy (both 2FA and passwordless variants) on a
realm and enables the webauthn-register and
webauthn-register-passwordless required actions so users can
self-enroll passkeys via the account console.
- Apply it to both master (RP "E-Cosplay Auth") and ecosplay
(RP "E-Cosplay") on every sync run, idempotent.
- Mirror the same policy fields and required actions in the
ecosplay realm import JSON for fresh installs. Sensible
defaults: ES256/RS256/EdDSA, user verification preferred,
no attestation, resident key not specified.
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
11763405ab