1Password / passkey-rs

A framework for defining Webauthn Authenticators that support passkeys
Apache License 2.0

Add support for provider-side forced uv #24

Closed coroiu closed 2 months ago

coroiu commented 3 months ago

This PR should be merged after https://github.com/1Password/passkey-rs/pull/23

In summary, this PR expands on the context given to check_user so that the user of passkey-rs can decide if they want to force UV even if it wasn't required by the RP.

The PR now also checks the result of check_user to correctly return when UV was performed to the RP.


Bitwarden internal tracking: [PM-8570] based on [PM-7143] and [PM-7146]
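The behaviour described in the PR summary above, sketched as an added example that is not part of the PR or of passkey-rs: a provider callback may verify the user even when the RP did not ask for it, and the UV flag reported to the RP reflects what the callback actually did. All type and function names here (`CheckContext`, `UserCheck`, `flags_after_check`, `provider_policy`) and the credential ID are hypothetical; only the UP (0x01) and UV (0x04) flag bits come from the WebAuthn authenticator data format.

```rust
// Hypothetical types for illustration only; not the passkey-rs API.
#[derive(Clone, Copy, Debug, PartialEq)]
pub enum RpUv { Required, Preferred, Discouraged }

/// Context passed to the provider's user-check callback.
pub struct CheckContext<'a> {
    pub rp_uv: RpUv,
    pub credential_id: &'a [u8],
}

/// What the provider reports after interacting with the user.
#[derive(Clone, Copy, Debug, PartialEq)]
pub struct UserCheck { pub presence: bool, pub verification: bool }

#[derive(Debug, PartialEq)]
pub enum CheckError { UserNotPresent, VerificationRequired }

// WebAuthn authenticator data flag bits.
pub const FLAG_UP: u8 = 0x01; // user present
pub const FLAG_UV: u8 = 0x04; // user verified

/// Run the provider callback, enforce the RP's requirement, and build the
/// flags from what actually happened rather than from what the RP asked for.
pub fn flags_after_check<F>(ctx: &CheckContext, check: F) -> Result<u8, CheckError>
where
    F: FnOnce(&CheckContext) -> UserCheck,
{
    let res = check(ctx);
    if !res.presence { return Err(CheckError::UserNotPresent); }
    if ctx.rp_uv == RpUv::Required && !res.verification {
        return Err(CheckError::VerificationRequired);
    }
    Ok(if res.verification { FLAG_UP | FLAG_UV } else { FLAG_UP })
}

/// Constructed provider policy: always verify for one sensitive credential,
/// even when the RP discouraged UV.
pub fn provider_policy(ctx: &CheckContext) -> UserCheck {
    let forced = ctx.credential_id == b"bank-login"; // constructed sample ID
    let verify = forced || ctx.rp_uv == RpUv::Required;
    UserCheck { presence: true, verification: verify }
}

fn main() {
    let ctx = CheckContext { rp_uv: RpUv::Discouraged, credential_id: b"bank-login" };
    println!("flags = {:#04x}", flags_after_check(&ctx, provider_policy).unwrap());
}
```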

Progdrasil commented 2 months ago

Another possibility for adding provider enforced UV on certain credentials would be to implement the credProtect extension. The advantage of this would be that RPs that care would also know that UV will always be performed with this credential.

coroiu commented 2 months ago

@Progdrasil you can go ahead and merge :)

Progdrasil commented 2 months ago

I added #26 to track adding credProtect which would be the "official" way to force UV from the provider side. That way when we have infrastructure to handle extensions in main we can move some of this logic over to handling credProtect.