From ad2b16f26d16f74a3f13bf8d80fae48ee35e9520 Mon Sep 17 00:00:00 2001
From: hsiegeln <37154749+hsiegeln@users.noreply.github.com>
Date: Mon, 27 Apr 2026 08:48:44 +0200
Subject: [PATCH] feat: add passkey and auth policy React Query hooks

Adds hooks for listing/renaming/deleting passkeys, MFA method preference,
tenant auth settings, and vendor auth policy (using the new putJson method).

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
---
 ui/src/api/tenant-hooks.ts | 48 +++++++++++++++++++++++++++++++++++++-
 ui/src/api/vendor-hooks.ts | 17 +++++++++++++-
 2 files changed, 63 insertions(+), 2 deletions(-)

diff --git a/ui/src/api/tenant-hooks.ts b/ui/src/api/tenant-hooks.ts
index 0a7056c..c4dd3a5 100644
--- a/ui/src/api/tenant-hooks.ts
+++ b/ui/src/api/tenant-hooks.ts
@@ -1,6 +1,6 @@
 import { useQuery, useMutation, useQueryClient } from '@tanstack/react-query';
 import { api } from './client';
-import type { DashboardData, TenantLicenseData, TenantSettings, AuditLogPage, AuditLogFilters, SsoConnector, CreateSsoConnectorRequest, SsoTestResult, MfaStatus, MfaSetupResponse, BackupCodesResponse } from '../types/api';
+import type { DashboardData, TenantLicenseData, TenantSettings, AuditLogPage, AuditLogFilters, SsoConnector, CreateSsoConnectorRequest, SsoTestResult, MfaStatus, MfaSetupResponse, BackupCodesResponse, PasskeyCredential, AuthPolicy } from '../types/api';
 
 export function useTenantDashboard() {
   return useQuery<DashboardData>({
@@ -197,3 +197,49 @@ export function useUpdateTenantSettings() {
     onSuccess: () => qc.invalidateQueries({ queryKey: ['tenant', 'settings'] }),
   });
 }
+
+// Passkey hooks
+export function usePasskeyList() {
+  return useQuery<PasskeyCredential[]>({
+    queryKey: ['tenant', 'mfa', 'webauthn'],
+    queryFn: () => api.get('/tenant/mfa/webauthn'),
+  });
+}
+
+export function useRenamePasskey() {
+  const qc = useQueryClient();
+  return useMutation<void, Error, { id: string; name: string }>({
+    mutationFn: ({ id, name }) => api.patch(`/tenant/mfa/webauthn/${id}/name`, { name }),
+    onSuccess: () => qc.invalidateQueries({ queryKey: ['tenant', 'mfa'] }),
+  });
+}
+
+export function useDeletePasskey() {
+  const qc = useQueryClient();
+  return useMutation<void, Error, string>({
+    mutationFn: (id) => api.delete(`/tenant/mfa/webauthn/${id}`),
+    onSuccess: () => qc.invalidateQueries({ queryKey: ['tenant', 'mfa'] }),
+  });
+}
+
+export function useUpdateMfaMethodPreference() {
+  return useMutation<void, Error, string>({
+    mutationFn: (preference) => api.post('/tenant/mfa/method-preference', { preference }),
+  });
+}
+
+// Auth settings hooks
+export function useTenantAuthSettings() {
+  return useQuery<AuthPolicy>({
+    queryKey: ['tenant', 'auth-settings'],
+    queryFn: () => api.get('/tenant/auth-settings'),
+  });
+}
+
+export function useUpdateTenantAuthSettings() {
+  const qc = useQueryClient();
+  return useMutation<void, Error, Partial<AuthPolicy>>({
+    mutationFn: (updates) => api.patch('/tenant/auth-settings', updates),
+    onSuccess: () => qc.invalidateQueries({ queryKey: ['tenant', 'auth-settings'] }),
+  });
+}
diff --git a/ui/src/api/vendor-hooks.ts b/ui/src/api/vendor-hooks.ts
index 09c5042..4a56aee 100644
--- a/ui/src/api/vendor-hooks.ts
+++ b/ui/src/api/vendor-hooks.ts
@@ -1,6 +1,6 @@
 import { useQuery, useMutation, useQueryClient } from '@tanstack/react-query';
 import { api } from './client';
-import type { VendorTenantSummary, VendorTenantDetail, CreateTenantRequest, TenantResponse, LicenseBundleResponse, MintLicenseRequest, LicensePreset, VerifyLicenseResponse, AuditLogPage, AuditLogFilters, TenantMetricsEntry } from '../types/api';
+import type { VendorTenantSummary, VendorTenantDetail, CreateTenantRequest, TenantResponse, LicenseBundleResponse, MintLicenseRequest, LicensePreset, VerifyLicenseResponse, AuditLogPage, AuditLogFilters, TenantMetricsEntry, AuthPolicy } from '../types/api';
 
 export function useVendorTenants() {
   return useQuery<VendorTenantSummary[]>({
@@ -209,3 +209,18 @@ export function useTenantMetrics() {
     refetchInterval: 60_000,
   });
 }
+
+export function useVendorAuthPolicy() {
+  return useQuery<AuthPolicy>({
+    queryKey: ['vendor', 'auth-policy'],
+    queryFn: () => api.get('/vendor/auth-policy'),
+  });
+}
+
+export function useUpdateVendorAuthPolicy() {
+  const qc = useQueryClient();
+  return useMutation<AuthPolicy, Error, Partial<AuthPolicy>>({
+    mutationFn: (updates) => api.putJson('/vendor/auth-policy', updates),
+    onSuccess: () => qc.invalidateQueries({ queryKey: ['vendor', 'auth-policy'] }),
+  });
+}