Questions to modify the demo project to passkeys for cross platform scenarios #384
Comments
Hi!
Does that help?
Thank you, these are extremely helpful.
I would like to modify the demo project to be used for cross-platform scenarios using passkeys, i.e., the objective being to use passkeys from any device using the demo project in this repo, but I need some help with the following questions:
Where can I set PublicKeyCredentialHints per the WebAuthn Level 3 spec in the demo project? Per my understanding, all WebAuthn examples prior to relying on authenticatorAttachment (client-device, security-key, or hybrid) need to switch to credential hints in case of passkey on account of the prior world where cross-device synced credentials did not exist. With credential hints, you can tune the cross-platform registration flow to trigger hybrid registration so users do not get confused with cross-platform authenticators like YubiKeys.
Also, in PublicKeyCredentialCreationOptions, we can set authenticatorAttachment to "cross-platform" to enable the use of cross-platform authenticators (formerly called roaming authenticators), which are authenticators that can be moved around and used across multiple devices, but I could not find that in the current class under the core's webauthn/data folder.
Finally, the values are set in the PublicKeyCredentialRequestOptions.allowCredentials list. This list needs to be double-checked by a backend (i.e., an LDAP directory in my case) with advanced passkey and device management capabilities to ensure that only passkeys created on a smartphone are set in the [allowCredentials] list. Can you please provide me with any pointers to add this equivalent check to persist in the current demo example?
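The three points raised in the question, shown as an added example rather than code from the demo project or its maintainers: plain-JSON WebAuthn options carrying `hints` and `authenticatorAttachment`, and a backend filter that builds `allowCredentials`. The record fields `deviceClass` and `revoked`, the store shape, and the function names are hypothetical assumptions standing in for whatever the directory backend records at registration.

```javascript
// Added example. Assumption: the credential store (e.g. an LDAP-backed
// service) saved, at registration, the transports the client reported and a
// backend-assigned deviceClass. Field and function names are hypothetical.
const storedCredentials = [ // constructed sample records
  { userId: "u1", id: "Y3JlZC1waG9uZQ", transports: ["hybrid", "internal"], deviceClass: "smartphone", revoked: false },
  { userId: "u1", id: "Y3JlZC1rZXk", transports: ["usb", "nfc"], deviceClass: "security-key", revoked: false },
  { userId: "u1", id: "Y3JlZC1vbGQ", transports: ["hybrid", "internal"], deviceClass: "smartphone", revoked: true },
  { userId: "u2", id: "Y3JlZC1vdGhlcg", transports: ["hybrid"], deviceClass: "smartphone", revoked: false },
];

// The policy lives in one place so request building and verification agree.
const isSmartphonePasskey = (c, userId) =>
  c.userId === userId && !c.revoked && c.deviceClass === "smartphone";

// Registration: authenticatorAttachment sits inside authenticatorSelection;
// hints (WebAuthn Level 3) is a top-level member of the options.
function buildCreationOptions(rp, user, challenge) {
  return {
    rp, user, challenge,
    pubKeyCredParams: [{ type: "public-key", alg: -7 }, { type: "public-key", alg: -257 }],
    authenticatorSelection: {
      authenticatorAttachment: "cross-platform",
      residentKey: "required",
      userVerification: "preferred",
    },
    hints: ["hybrid"],
  };
}

// Authentication: list only this user's non-revoked smartphone passkeys.
function buildRequestOptions(rpId, userId, challenge, store) {
  const allowCredentials = store
    .filter((c) => isSmartphonePasskey(c, userId))
    .map((c) => ({ type: "public-key", id: c.id, transports: c.transports }));
  return { rpId, challenge, allowCredentials, hints: ["hybrid"], userVerification: "preferred" };
}

// Re-check the same policy when the assertion comes back: the server must
// confirm the returned credential id is one it was willing to accept.
function isAssertionAllowed(userId, credentialId, store) {
  return store.some((c) => c.id === credentialId && isSmartphonePasskey(c, userId));
}
```

WebAuthn itself does not tell the relying party what kind of device created a credential, so the `deviceClass` value has to come from whatever the backend decides to record and trust at registration.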