webauthn-open-source / fido2-lib

A node.js library for performing FIDO 2.0 / WebAuthn server functionality
https://webauthn.io
MIT License

Possible to tell if credential is PIN, Fingerprint, FaceID, etc? #129

Closed entourage closed 1 year ago

entourage commented 1 year ago

Is userVerificationDetails part of the regResult or authnResult?

It looks like we may be able to accomplish this by setting the attestation property to direct and then this code should extract it from the attestationObject.attStmt (x5c or ecdaaKeyId). The library currently only supports TPM_ALG_RSA. https://w3c.github.io/webauthn/#enum-attestation-convey

"attestationObject": {
  "attStmt": {
    "alg": -7,
    "sig": ...
  },
  ...
}

Using version fido2-lib@3.4.0

JamesCullum commented 1 year ago

Not sure if I fully understood the question (I'm not sure if there is a strong correlation between the title and description), but I assume that this writeup might help you get a better understanding: https://stackoverflow.blog/2022/11/16/biometric-authentication-for-web-devs/

entourage commented 1 year ago

Thanks for the response, @JamesCullum. I currently have everything working using userVerification: required and attestation: none. During registration does the regResult variable below contain information about the authenticator, such as which biometric was used for registration?

const regResult = await f2l.attestationResult

Thanks

JamesCullum commented 1 year ago

Why not simply try it out? 👍

entourage commented 1 year ago

To those that find this in the future, you must set attestation = 'direct' to identify a device model. Unfortunately, as of v3.4.0, this library throws an exception for some authenticators (e.g. Windows Hello w/ PIN) when attestation is required: "tpm attestation: only TPM_ALG_RSA supported".

Attestation is built-in to the FIDO and WebAuthn protocols, which enables each relying party to use a cryptographically verified chain of trust from the device’s manufacturer to choose which security keys to trust, or to be more skeptical of, based on their individual needs and concerns.
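
What the raw authenticator data exposes, as an added example (not code from fido2-lib or from this thread): the UV flag only says that user verification happened, not whether it was a PIN or a biometric, and the AAGUID is the field that identifies the authenticator model, which a client may zero out when attestation is `none`. `parseAuthData`, `buildSample` and all sample bytes are constructed for illustration; the byte layout follows the WebAuthn specification.

```javascript
// Flag bits and field offsets follow the WebAuthn authenticator data layout.
const FLAGS = { UP: 0x01, UV: 0x04, AT: 0x40 };

function parseAuthData(authData) {
  const bytes = new Uint8Array(authData);
  if (bytes.length < 37) throw new Error("authData shorter than 37 bytes");
  const view = new DataView(bytes.buffer, bytes.byteOffset, bytes.byteLength);
  const flagByte = bytes[32]; // follows the 32-byte rpIdHash
  const out = {
    userPresent: (flagByte & FLAGS.UP) !== 0,
    userVerified: (flagByte & FLAGS.UV) !== 0, // "verified", never "how"
    signCount: view.getUint32(33, false),      // big-endian
    aaguid: null,
    aaguidIsZero: null,
    credentialIdLength: null,
  };
  if (flagByte & FLAGS.AT) {
    // Attested credential data: aaguid(16) | credIdLen(2) | credId | COSE key
    if (bytes.length < 55) throw new Error("AT flag set but data truncated");
    const hex = Array.from(bytes.subarray(37, 53),
      (b) => b.toString(16).padStart(2, "0")).join("");
    out.aaguid = [hex.slice(0, 8), hex.slice(8, 12), hex.slice(12, 16),
      hex.slice(16, 20), hex.slice(20)].join("-");
    out.aaguidIsZero = /^0+$/.test(hex); // no model information available
    out.credentialIdLength = view.getUint16(53, false);
    if (bytes.length < 55 + out.credentialIdLength) {
      throw new Error("credential ID truncated");
    }
  }
  return out;
}

// Constructed sample authData (not captured from a real authenticator).
function buildSample(flagByte, aaguidBytes) {
  const credId = [0xde, 0xad, 0xbe, 0xef];
  return Uint8Array.from([
    ...new Array(32).fill(0xaa), // placeholder rpIdHash
    flagByte,
    0, 0, 0, 7,                  // signCount = 7
    ...aaguidBytes,
    0, credId.length,
    ...credId,
    0xa0,                        // empty CBOR map standing in for the COSE key
  ]);
}

const direct = parseAuthData(buildSample(0x45, Array.from({ length: 16 }, (_, i) => i + 1)));
console.log(direct.userVerified, direct.aaguid);
```

A non-zero AAGUID can be looked up in authenticator metadata to learn the model and the verification methods it supports; the method used for a given ceremony is still not reported in these bytes.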