privacyidea / webauthn-client

Javascript client for plugins to authenticate with WebAuthn against privacyIDEA
GNU Affero General Public License v3.0

only 1-2 preferred algorithms are supported #13

Closed melanger closed 2 years ago

melanger commented 2 years ago

https://github.com/privacyidea/webauthn-client/blob/af0e59f57f857af78496bc273842a95913834851/pi-webauthn.js#L391

https://github.com/privacyidea/webauthn-client/blob/af0e59f57f857af78496bc273842a95913834851/pi-webauthn.js#L397

Only 1-2 pubKeyCredParams (therefore algorithms) are supported via parameters preferredAlgorithm and alternativeAlgorithm. This library cannot be used for 3 or more algorithms at once. For example, I cannot allow all three ES256, PS256 and RS256 at the same time. This affects privacyIDEA, which has the same limitation because of this library.

plettich commented 2 years ago

According to the standard, this should be an array not restricted to two entries: https://www.w3.org/TR/webauthn/#dom-publickeycredentialcreationoptions-pubkeycredparams

I think it was implemented this way because in Python lists might not necessarily be ordered.
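
The following is an added example, not part of the thread and not code from pi-webauthn.js. It sketches one way a client could build `pubKeyCredParams` from an ordered list of any length, preserving preference order and rejecting algorithms outside an explicit allowlist. The function names and the `algorithms` option are hypothetical, and the shape of `preferredAlgorithm` / `alternativeAlgorithm` (a name or a COSE identifier) is an assumption based on the parameter names in the issue.

```javascript
// Added example, not code from pi-webauthn.js.
// COSE algorithm identifiers from the IANA COSE Algorithms registry.
const COSE_ALG = Object.freeze({ ES256: -7, PS256: -37, RS256: -257 });

/**
 * Hypothetical helper: turn an ordered preference list into pubKeyCredParams.
 * Entries may be names ("ES256") or COSE integers (-7). Order is kept because
 * the WebAuthn spec orders this sequence from most to least preferred.
 */
function buildPubKeyCredParams(algorithms) {
  if (!Array.isArray(algorithms) || algorithms.length === 0) {
    throw new TypeError("algorithms must be a non-empty array");
  }
  const known = new Set(Object.values(COSE_ALG));
  const seen = new Set();
  const params = [];
  for (const entry of algorithms) {
    const alg = typeof entry === "string" ? COSE_ALG[entry.toUpperCase()] : entry;
    // Fail closed: never forward an algorithm that is not on the allowlist.
    if (!Number.isInteger(alg) || !known.has(alg)) {
      throw new RangeError("unsupported algorithm: " + String(entry));
    }
    if (seen.has(alg)) continue; // keep the first (highest-preference) occurrence
    seen.add(alg);
    params.push({ type: "public-key", alg });
  }
  return params;
}

/**
 * Assumed legacy shape: an options object carrying the preferredAlgorithm and
 * alternativeAlgorithm fields named in the issue, plus a hypothetical
 * `algorithms` array that takes precedence when present.
 */
function paramsFromOptions(opts) {
  if (Array.isArray(opts.algorithms)) return buildPubKeyCredParams(opts.algorithms);
  const legacy = [opts.preferredAlgorithm, opts.alternativeAlgorithm]
    .filter((a) => a !== undefined && a !== null);
  return buildPubKeyCredParams(legacy);
}
```

The result can be assigned to `publicKey.pubKeyCredParams` in the options passed to `navigator.credentials.create()`; the relying party still has to verify that the algorithm of the returned credential is one it offered.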