Open yackermann opened 3 months ago
At this point I think we can deprecate SuperGluu completely and move to platform-specific attestations.
Android: https://developer.android.com/privacy-and-security/security-key-attestation
iOS: https://developer.apple.com/documentation/devicecheck/establishing-your-app-s-integrity
That means that we can run it as standard attestation validation, with standard metadata containing Android's and Apple's certificates.
@shekhar16
Project requirements:
If SuperGluu authenticator is used, it should be using FIDO2, with proper metadata flow.
[Future discussion]