search

teamhanko / passkeys

FIDO2-certified passkey server and SDKs for adding passkey support to any auth system
https://hanko.io/passkey-api
GNU Affero General Public License v3.0
115 stars 8 forks source link

Use attestation=direct to get correct AAGUIDs on all platforms #50

Closed FlxMgdnz closed 4 months ago

FlxMgdnz commented 6 months ago

Windows currently sets the AAGUID of any authenticator (platform and hybrid) to all zeros when using attestation=none.

Enforcing authenticator attestation on registration will change that and ensure correct AAGUIDs are being included for better passkey naming.

Another benefit is that we can then also use AAGUIDs of different security key vendors to improve the name proposals for hardware security keys even more (see https://passkeydeveloper.github.io/passkey-authenticator-aaguids/explorer/?combined)

FlxMgdnz commented 6 months ago

Compatibility on platforms has to be tested thoroughly.

shentschel commented 4 months ago

attestation is now configurable