search

cedarcode / webauthn-ruby

WebAuthn ruby server library ― Make your Ruby/Rails web server become a conformant WebAuthn Relying Party
https://rubygems.org/gems/webauthn
MIT License
644 stars 51 forks source link

Sign count is always zero #396

Closed maricavor closed 11 months ago

maricavor commented 12 months ago

Why after verification sign count is not updating and always zero: 

webauthn_credential.verify(
        session[:webauthn_challenge],
        public_key: credential.public_key,
        sign_count: credential.sign_count,
        user_verification: true
      )

      credential.update!(sign_count: webauthn_credential.sign_count)

It looks like authenticator does not support a signature counter according to this: https://www.w3.org/TR/webauthn/#signature-counter. I am using macbook pro and chrome browser, where to know which authenticators support signature counters?

bdewater commented 12 months ago

This is normal and in some cases (eg passkeys synced to the cloud) even expected. In my experience USB security keys do have counters.