getAssertion does not use advanced settings

duo-labs / webauthn.io

The source code for webauthn.io, a demonstration of WebAuthn.

https://webauthn.io

BSD 3-Clause "New" or "Revised" License

647 stars 120 forks source link

getAssertion does not use advanced settings #27

Closed dschuermann closed 1 year ago

dschuermann commented 4 years ago

In our tests, makeCredential seems to pick up the advanced settings correctly, i.e. selecting "user verification" as "discouraged" works.

But getAssertion seems not to use the advanced settings. At least "user verification" is not picked up. Instead, the Browser default is used.

I haven't verified this in your code.

https://webauthntest.azurewebsites.net/ does pick up "user verification" for getAssertion correctly.

gtbuchanan commented 3 years ago

I can confirm I experience a similar problem with "User Verification" set to "Required". "Login" is successful even on user agents that do not prompt for a PIN (Chrome for Android), which makes me think it's actually using "Preferred".

MasterKale commented 1 year ago

This was indeed an issue with the older version of the site. It's been addressed with the release of v2 of the site (#58).