Closed entourage closed 1 year ago
Not sure if I fully understood the question (I'm not sure if there is a strong correlation between the title and description), but I assume that this writeup might help you get a better understanding: https://stackoverflow.blog/2022/11/16/biometric-authentication-for-web-devs/
Thanks for the response, @JamesCullum. I currently have everything working using userVerification: required
and attestation: none
. During registration does the regResult variable below contain information about the authenticator, such as which biometric was used for registration?
const regResult = await f2l.attestationResult
Thanks
Why not simply try it out? 👍
To those that find this in the future, you must set attestation = 'direct'
to identify a device model. Unfortunately as of v3.4.0, this library throws an exception for some authenticators (e.g. Windows Hello w/ PIN) when attestation is required tpm attestation: only TPM_ALG_RSA supported
.
Attestation is built-in to the FIDO and WebAuthn protocols, which enables each relying party to use a cryptographically verified chain of trust from the device’s manufacturer to choose which security keys to trust, or to be more skeptical of, based on their individual needs and concerns.
Is
userVerificationDetails
part of theregResult
orauthnResult
?It looks like we may be able to accomplish this by setting the
attestation
property todirect
and then this code should extract it from theattestationObject.attStmt
(x5c or ecdaaKeyId). The library currently only supportsTPM_ALG_RSA
. https://w3c.github.io/webauthn/#enum-attestation-conveyUsing version
fido2-lib@3.4.0