duo-labs / py_webauthn

Pythonic WebAuthn 🐍
https://duo-labs.github.io/py_webauthn
BSD 3-Clause "New" or "Revised" License

Enhance VerifiedAuthentication struct #102

Closed jwag956 closed 2 years ago

jwag956 commented 2 years ago

Currently, on successful verify_authentication_response, a VerifiedAuthentication struct is returned - this currently has the credential_id and sign_count. It would be very useful for RPs if they also got the AuthenticatorDataFlags so that decisions about whether the authenticator satisfied single or multi-factor authentication could be made.

I am more than happy to issue a PR if you think this is a good idea.

MasterKale commented 2 years ago

> It would be very useful for RPs if they also got the AuthenticatorDataFlags so that decisions about whether the authenticator satisfied single or multi-factor authentication could be made.

These determinations are already possible as part of authentication response verification. The library always requires that the up flag be True, as per the spec (see Step 16), which at a minimum requires single-factor to have been completed. You can optionally require uv be True as well by setting require_user_verification=True when invoking verify_authentication_response(), which should satisfy the multi-factor authentication requirement. As such I don't see a need for returning authData flags for any further determination as there's nothing else to really do with that data.

jwag956 commented 2 years ago

Yes - you are correct - I just need to move around some code to determine which 'factor' I need before calling into the verify_authentication_response...
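The flag checks discussed in this thread, as an added standalone example (not code from py_webauthn or from either commenter): it parses the fixed 37-byte authenticator data header defined by the WebAuthn spec, always requires the up flag, and requires uv only when the RP decided beforehand that it is needed. The operation names, `needs_user_verification`, `check_flags` and the sample bytes are hypothetical, and only the flag and rpIdHash checks are covered, not signature verification.

```python
import hashlib
import struct
from dataclasses import dataclass

FLAG_UP = 0x01  # bit 0: user present
FLAG_UV = 0x04  # bit 2: user verified

@dataclass(frozen=True)
class AuthDataHeader:
    rp_id_hash: bytes
    user_present: bool
    user_verified: bool
    sign_count: int

def parse_auth_data_header(auth_data: bytes) -> AuthDataHeader:
    # Fixed layout: rpIdHash (32 bytes) | flags (1 byte) | signCount (4 bytes, big-endian)
    if len(auth_data) < 37:
        raise ValueError("authenticator data is shorter than 37 bytes")
    flags = auth_data[32]
    (sign_count,) = struct.unpack(">I", auth_data[33:37])
    return AuthDataHeader(auth_data[:32], bool(flags & FLAG_UP), bool(flags & FLAG_UV), sign_count)

def needs_user_verification(operation: str) -> bool:
    # Hypothetical RP policy: the required factor is decided before verification is invoked.
    return operation in {"passwordless_login", "change_recovery_email"}

def check_flags(auth_data: bytes, expected_rp_id: str, require_user_verification: bool) -> AuthDataHeader:
    header = parse_auth_data_header(auth_data)
    if header.rp_id_hash != hashlib.sha256(expected_rp_id.encode()).digest():
        raise ValueError("rpIdHash does not match the expected RP ID")
    if not header.user_present:  # always required, whatever the policy says
        raise ValueError("user presence (up) flag is not set")
    if require_user_verification and not header.user_verified:
        raise ValueError("user verification (uv) was required but the flag is not set")
    return header

def build_sample_auth_data(rp_id: str, flags: int, sign_count: int) -> bytes:
    # Constructed sample input, not captured from a real authenticator.
    return hashlib.sha256(rp_id.encode()).digest() + bytes([flags]) + struct.pack(">I", sign_count)

if __name__ == "__main__":
    touch_only = build_sample_auth_data("example.com", FLAG_UP, 7)
    for operation in ("second_factor_login", "passwordless_login"):
        try:
            check_flags(touch_only, "example.com", needs_user_verification(operation))
            print(operation, "accepted")
        except ValueError as exc:
            print(operation, "rejected:", exc)
```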