From 8c9edfdb55b1ca96421b0c04d6c75062719d6636 Mon Sep 17 00:00:00 2001
From: hsiegeln <37154749+hsiegeln@users.noreply.github.com>
Date: Mon, 27 Apr 2026 08:44:42 +0200
Subject: [PATCH] feat: add passkey_enrolled and mfa_method_preference to
 Custom JWT claims

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
---
 docker/logto-bootstrap.sh | 5 ++++-
 1 file changed, 4 insertions(+), 1 deletion(-)

diff --git a/docker/logto-bootstrap.sh b/docker/logto-bootstrap.sh
index 76f5d9d..a23910a 100644
--- a/docker/logto-bootstrap.sh
+++ b/docker/logto-bootstrap.sh
@@ -553,10 +553,13 @@ CUSTOM_JWT_SCRIPT='const getCustomJwtClaims = async ({ token, context, environme
     }
   }
   const mfaFactors = context?.user?.mfaVerificationFactors || [];
-  const mfaEnrolled = mfaFactors.some(f => f.type === "Totp");
+  const mfaEnrolled = mfaFactors.some(f => f.type === "Totp" || f.type === "WebAuthn");
+  const passkeyEnrolled = mfaFactors.some(f => f.type === "WebAuthn");
   const claims = {};
   if (roles.size > 0) claims.roles = [...roles];
   claims.mfa_enrolled = mfaEnrolled;
+  claims.passkey_enrolled = passkeyEnrolled;
+  claims.mfa_method_preference = context?.user?.customData?.mfa_method_preference || null;
   return claims;
 };'