webauthn-open-source / fido2-lib

A node.js library for performing FIDO 2.0 / WebAuthn server functionality
https://webauthn.io
MIT License

User verification in assertionResult does not follow official webauthn spec #169

Open C0x41lch0x41 opened 4 months ago

C0x41lch0x41 commented 4 months ago

The official WebAuthn spec says that the UV flag should be set only if userVerification is set to required: see point 16 here.

However, the lib sets the UV flag no matter what for the first factor here.
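
An added example (not part of the original comment and not fido2-lib code) of a relying-party check that enforces the UV bit of `authenticatorData` only when the request asked for `userVerification: "required"`. The function names `parseAuthData`, `checkUserVerification` and `sampleAuthData` are hypothetical, and the sample bytes are constructed.

```javascript
// Added example; parseAuthData / checkUserVerification are hypothetical names,
// not fido2-lib APIs.
const FLAG_UP = 0x01; // bit 0 of the flags byte: User Present
const FLAG_UV = 0x04; // bit 2 of the flags byte: User Verified

// authenticatorData layout: rpIdHash (32 bytes) | flags (1 byte) | signCount (4 bytes, big-endian) | ...
function parseAuthData(authData) {
  if (!Buffer.isBuffer(authData) || authData.length < 37) {
    throw new Error("authenticatorData must be at least 37 bytes");
  }
  const flags = authData.readUInt8(32);
  return {
    rpIdHash: authData.subarray(0, 32),
    userPresent: (flags & FLAG_UP) !== 0,
    userVerified: (flags & FLAG_UV) !== 0,
    signCount: authData.readUInt32BE(33),
  };
}

// userVerification is the value the relying party sent in its request options.
function checkUserVerification(authData, userVerification) {
  const allowed = ["required", "preferred", "discouraged"];
  if (!allowed.includes(userVerification)) {
    throw new Error(`unknown userVerification value: ${userVerification}`);
  }
  const parsed = parseAuthData(authData);
  if (!parsed.userPresent) {
    return { ok: false, reason: "UP flag not set" };
  }
  // UV is enforced only when the request required it.
  if (userVerification === "required" && !parsed.userVerified) {
    return { ok: false, reason: "UV flag not set but userVerification is required" };
  }
  // Report the actual UV state so the caller never assumes verification happened.
  return { ok: true, userVerified: parsed.userVerified };
}

// Constructed sample input: zeroed rpIdHash, chosen flags, signCount = 1.
function sampleAuthData(flags) {
  const buf = Buffer.alloc(37);
  buf.writeUInt8(flags, 32);
  buf.writeUInt32BE(1, 33);
  return buf;
}

console.log(checkUserVerification(sampleAuthData(FLAG_UP), "preferred"));
console.log(checkUserVerification(sampleAuthData(FLAG_UP), "required"));
console.log(checkUserVerification(sampleAuthData(FLAG_UP | FLAG_UV), "required"));
```

With `preferred` or `discouraged` the assertion is accepted without UV, so the returned `userVerified` value is what the caller should record when deciding whether the login counts as a verified factor.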

JamesCullum commented 4 months ago

A merge request would be great 👍