Closed phantomdon closed 11 months ago
I'm trying to figure out if it's my implementation or lack of support on the browser/ authenticator.
Anecdotally almost everything supports ES256. It's the authenticators that support RS256 and Ed25519 that are the exception. I'm all but certain your issues are related to the omission of `-7` from `supportedAlgorithmIDs`.
This probably isn't a satisfactory answer for you given your constraint that you only use "any deterministic signature scheme". However it's the reality of WebAuthn; the only way to really change this state of things is to advocate Google, Apple, and others for Ed25519 support. There's nothing I can really do at the library level to fix this issue if the authenticators don't support `-8` in the first place...
Yeah, that's what I figured. Totally understand that this isn't an issue with the library, just wanted to get a direct answer on whether Chrome/ keychain support deterministic algs and this seemed the most efficient channel. It's a shame, but understandable. Thanks for the prompt response!
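Added example, not from the thread or from the library: a small model of the negotiation discussed above, in which an authenticator takes the first `pubKeyCredParams` entry it supports, followed by a server-side policy check on the algorithm that was actually registered. The function names and the two authenticator capability sets are constructed for illustration and do not describe any real product.

```javascript
// COSE algorithm identifiers discussed in this thread.
const COSE = { ES256: -7, EdDSA: -8, RS256: -257 };

// Build pubKeyCredParams in preference order (WebAuthn treats the list as
// most-preferred first). ES256 is appended as a fallback unless the caller
// opts out, which reproduces the failing configuration from the issue.
function buildPubKeyCredParams(preferred, { es256Fallback = true } = {}) {
  const ids = [...new Set(preferred)];
  if (es256Fallback && !ids.includes(COSE.ES256)) ids.push(COSE.ES256);
  return ids.map((alg) => ({ type: 'public-key', alg }));
}

// Model of authenticator behaviour: take the first requested algorithm it
// supports, or null when there is no overlap (credential creation fails).
function negotiate(params, authenticatorAlgs) {
  const hit = params.find((p) => authenticatorAlgs.includes(p.alg));
  return hit ? hit.alg : null;
}

// Server-side policy check on the algorithm that was actually registered.
// In the browser this value comes from response.getPublicKeyAlgorithm().
function checkPolicy(chosenAlg, requiredAlgs) {
  if (chosenAlg === null) return 'no-credential';
  return requiredAlgs.includes(chosenAlg) ? 'accepted' : 'rejected-by-policy';
}

// Constructed capability sets (assumptions, not measurements of real devices).
const ES256_ONLY = [COSE.ES256];
const MULTI_ALG = [COSE.ES256, COSE.EdDSA, COSE.RS256];

// Run the three cases: strict list, list with fallback, capable authenticator.
function demo() {
  const required = [COSE.EdDSA, COSE.RS256];
  const strict = buildPubKeyCredParams([COSE.EdDSA], { es256Fallback: false });
  const withFallback = buildPubKeyCredParams(required);
  return {
    strictOnEs256Only: checkPolicy(negotiate(strict, ES256_ONLY), required),
    fallbackOnEs256Only: checkPolicy(negotiate(withFallback, ES256_ONLY), required),
    fallbackOnMultiAlg: checkPolicy(negotiate(withFallback, MULTI_ALG), required),
  };
}
```

With the fallback in place the ceremony completes on an ES256-only authenticator, and the policy check is where a deployment that requires `-8` or `-257` decides whether to keep that credential.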
Describe the issue
Hi folks, I'm currently trying to register a new passkey with my webapp. Specifically, I'm trying to register a passkey that uses either RS256 `-257`, or EDDSA `-8` (in fact, any deterministic signature scheme will work), however the application bugs out when I try to use either of these. It seems to work fine when using ES256 however.
I'm currently trying to set up the passkey either through my browser (Chrome or Firefox) or through iCloud Keychain, none of the above seem to work (nor my yubikey). From docs online it seems like these algorithms should be supported, however I haven't been able to find an explicit confirmation of this.
I'm trying to figure out if it's my implementation or lack of support on the browser/ authenticator.
Thanks!
Reproduction Steps
I'm using the generic options blob, but specifically also including a `supportedAlgorithmIDs: [-8],` field. This causes the browser (i.e. authenticator?) to fail to create a new passkey.
Expected behavior
To be able to successfully generate a passkey under the specified signing alg.
Dependencies