bodik
commented
1 week ago would this be resolved by https://github.com/bodik/soft-webauthn/pull/15 ?
Open Samjna-nh opened 1 week ago
bodik
commented
1 week ago would this be resolved by https://github.com/bodik/soft-webauthn/pull/15 ?
Samjna-nh
commented
1 week ago Yes, exactly what I want. Still it would be an option to have a user verification option in the constructor or (create & get) though, but that PR solves most problems.
bodik
commented
1 week ago thank's for review. i'll try to get the PR merged but no guarantees on timeframe thou ;/
If the relying party set the user verification requirement option to
required, the authenticator should return data with theUVflag on, or fail if it cannot do the user verification (spec). What other virtual authenticators usually do is to add an argument in the constructor to indicate whether the authenticator can do the user verification. And whencreate/getyou compare the setting with the options from RP to update flags / throw errors. At least, a simple implementation that allow you customize the flags when doingcreate/getsatisfies most cases, otherwise there's no way to do some tests with an RP requiring user verification.