Adds startWebAuthnAuth and verifyWebAuthnAuth functions that call
the Logto Experience API WebAuthn endpoints for passkey MFA verification.
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
The registration flow hit a 422 on /api/experience/submit when MFA
policy is UserControlled. Adds the same trySubmit + skipMfaBinding
pattern already used in the sign-in flow — Logto confirms mfa-skipped
works for both SignIn and Register interaction events.
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
Logto returns 422 with an MFA recommendation when policy is
UserControlled. Call POST /profile/mfa/mfa-skipped to skip the
binding prompt, then re-submit. Users who already have MFA enrolled
still get the TOTP verification flow.
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
Replace Logto's default sign-in page with a custom React SPA that
matches the cameleer3-server login page using @cameleer/design-system.
- New Vite+React app at ui/sign-in/ with Experience API integration
- 4-step auth flow: init → verify password → identify → submit
- Design-system components: Card, Input, Button, FormField, Alert
- Same witty random subtitles as cameleer3-server LoginPage
- Dockerfile: add sign-in-frontend build stage, copy dist to image
- docker-compose: CUSTOM_UI_PATH on Logto, shared signinui volume
- SaaS entrypoint copies sign-in dist to shared volume on startup
- Add .gitattributes for LF line endings
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
