duo-labs / webauthn.io

The source code for webauthn.io, a demonstration of WebAuthn.
https://webauthn.io
BSD 3-Clause "New" or "Revised" License

UserVerification setting does not have any effect #48

Closed Sebi2020 closed 1 year ago

Sebi2020 commented 2 years ago

Related issues: #13 (marked as fixed, but it isn't)

I think there must be some implementation error on webauthn.io regarding user verification, because it's impossible to do logins without PIN input prompts.

For reference try the same on https://webauthntest.azurewebsites.net/login.html (choose a user name first). It works as expected on this test site, but fails on webauthn.io

Environment

- OS: Windows 10
- Browser: Chrome or Firefox
- Security Key: Yubikey 5

Reproduction

  1. Go to webauthn.io
  2. Choose a user name
  3. Open Advanced options
  4. Set User Verification to Discouraged and Register with Resident Key to Required
  5. Click Register, enter PIN, etc.
  6. Click Login
  7. PIN dialog appears, even if you have set User Verification to Discouraged

MasterKale commented 1 year ago

Fixed in the latest revamp of the site (#58)

WinstonChenn commented 1 year ago

@MasterKale Is the revamped code updated on webauthn.io site? because I don't see the "Only Registered Authenticators" option on the site, which is shown in the example screenshot in the PR you linked to. Just want to clarify.

MasterKale commented 1 year ago

> @MasterKale Is the revamped code updated on webauthn.io site? because I don't see the "Only Registered Authenticators" option on the site, which is shown in the example screenshot in the PR you linked to. Just want to clarify.

The option was removed here because it was superfluous in the face of authentication behavior that already includes all registered authenticators if you provide a username.

If you don't provide a username then you can select a credential to present to the site, so you can test usernameless/passkeys support (like what happens with conditional UI.)

WinstonChenn commented 1 year ago

@MasterKale Got it, thank you!
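
For anyone checking the behaviour discussed in this issue, the following is an added example and not code from webauthn.io or from any commenter here. It shows where the `userVerification` value travels in the request options and how a relying party can read the UV flag back from `authenticatorData`; the function names and the sample bytes are assumptions made for illustration.

```javascript
// Added example; function names and sample bytes are constructed for illustration.
const FLAG_UP = 0x01; // bit 0: user present
const FLAG_UV = 0x04; // bit 2: user verified (PIN, biometric, ...)

// Options for navigator.credentials.get({ publicKey: ... }).
// An empty credentialIds list leaves allowCredentials empty (usernameless flow).
function buildRequestOptions(challenge, userVerification, credentialIds = []) {
  if (!['required', 'preferred', 'discouraged'].includes(userVerification)) {
    throw new Error(`invalid userVerification: ${userVerification}`);
  }
  return {
    challenge,
    userVerification,
    allowCredentials: credentialIds.map((id) => ({ type: 'public-key', id })),
  };
}

// authenticatorData starts with rpIdHash (32) | flags (1) | signCount (4, big-endian).
function parseAuthenticatorData(bytes) {
  if (!(bytes instanceof Uint8Array) || bytes.length < 37) {
    throw new Error('authenticatorData shorter than 37 bytes');
  }
  const view = new DataView(bytes.buffer, bytes.byteOffset, bytes.byteLength);
  return {
    userPresent: (bytes[32] & FLAG_UP) !== 0,
    userVerified: (bytes[32] & FLAG_UV) !== 0,
    signCount: view.getUint32(33, false),
  };
}

// Server-side check: only "required" makes a missing UV flag a failure.
// With "preferred" or "discouraged" the assertion is accepted either way.
function checkUserVerification(policy, authData) {
  if (!authData.userPresent) return { ok: false, reason: 'UP flag not set' };
  if (policy === 'required' && !authData.userVerified) {
    return { ok: false, reason: 'UV required but UV flag not set' };
  }
  return { ok: true, reason: authData.userVerified ? 'UV flag set' : 'UV flag not set' };
}

// Constructed sample: zeroed rpIdHash, chosen flags and counter.
function sampleAuthData(flags, signCount) {
  const bytes = new Uint8Array(37);
  bytes[32] = flags;
  new DataView(bytes.buffer).setUint32(33, signCount, false);
  return bytes;
}
```

Logging the object returned by `buildRequestOptions` next to the parsed flags of the resulting assertion shows whether the selected setting reached the browser and whether the authenticator verified the user anyway.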