The MFA login with security key due to wrongly used validation method of the webauthn library. The security key validation must not use the validation method for discoverable credentials, because the MFA credential is not created as a discoverable credential. Because of the usage of the wrong method a MFA login with a security key never succeeds.
Implementation
Use the correct webauthn validation method to validate the MFA security key response.
Tests
Create a new user with a security key as MFA method
Description
The MFA login with security key due to wrongly used validation method of the webauthn library. The security key validation must not use the validation method for discoverable credentials, because the MFA credential is not created as a discoverable credential. Because of the usage of the wrong method a MFA login with a security key never succeeds.
Implementation
Use the correct webauthn validation method to validate the MFA security key response.
Tests