futureimperfect
commented
5 years ago Thanks for making the changes I requested and explaining your thinking behind some of the others! If you could just change the line that checks if user_verification is None to this then I'm good to merge:
if user_verification is not None:
Thanks again!
With the Windows update 1903, the behaviour seems different... With old versions of Windows, I was able to use my keys without any PIN. Since the update, the protocol used seems to be FIDO2 instead of FIDO-U2F, breaking some of my codes. After investigation, the
WebAuthnMakeCredentialOptions.registration_dictproperty did not contain theauthenticatorSelection->userVerificationfield (https://www.w3.org/TR/webauthn/#userVerificationRequirement).This option allow the server to enforce or not the creation of a PIN (actual Windows behaviour) on the client-side, "e.g., in the interest of minimizing disruption to the user interaction flow" as mentionned in the W3C webauthn Recommendation linked.
This commit should not be api breaking, and the default behaviour is the same as without the commit.