If I'm doing a risky action, I need to assert my identity by using my passkey.
By risky action, I mean : an action that can create a security failure in Tuleap.
For example, I want to add a new ssh key, When clicking on the add button, I'm asked to use my passkey to check my identity. After I confirm it, I can add the the ssh key.
A non-exhaustive list of risky actions :
- add/delete ssh key in user preferences
- add/delete access key in user preferences
- As site administrator, delete one of the passkeys of a user (story #31179)