Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Need inputs on parameters for PublicKeyCredentialCreationOptions and other Extensions #111

Open
RitushreePurkait96 opened this issue Oct 14, 2022 · 1 comment
Open

Need inputs on parameters for PublicKeyCredentialCreationOptions and other Extensions #111

RitushreePurkait96 opened this issue Oct 14, 2022 · 1 comment

Comments

@RitushreePurkait96
Copy link

RitushreePurkait96 commented Oct 14, 2022
edited
Loading

As per the yubico developers document, for WebAuthn Client Registration flow The Relying Party (RP) builds an instance of the PublicKeyCredentialCreationOptions and returns it to the client. The instance contains information about the user, the RP and the type of credential desired.
Please refer to the Following example for Parsed PublicKeyCredentialCreationOptions.

"publicKey": {
   "attestation": "direct",
  "authenticatorSelection": {
    "authenticatorAttachment": "cross-platform",
   "requireResidentKey": false,
   "userVerification": "discouraged"
  },
  "challenge": "qNqrdXUrk5S7dCM1MAYH3qSVDXznb-6prQoGqiACR10=",
  "excludeCredentials": [],
  "pubKeyCredParams": [
   {
    "alg": -7,
    "type": "public-key"
   }
  ],
  "rp": {
   "id": "[demo.yubico.com](http://demo.yubico.com/)",
   "name": "Yubico Demo"
  },
   "timeout": 30000,
  "user": {
   "displayName": "Yubico demo user",
   "id": "bz9ZDfHzOBLycqISTAdWwWIZt8VO-6mT3hBNXS5jwmY="
  }
 }
}

As in the current YubiKit library most of the parameters can be found, but I couldn’t figure out how to pass the following parameters:

  1. attestation
  2. authenticatorAttachment
  3. timeout

Few other required information :

  1. Does YubiKit has something similar to FIDO2CommandCancel (FIDO2 command cancel operation), if yes how to make use of it ?
  2. Does YubiKit has support for CancellationId (Cancellation ID) ?
  3. Does YubiKit has support User Verification options and if yes, how to pass the possible options like : “preferred”, “required”, or “discouraged” ?.
  4. How does YubiKit library allow passing the required option for Credential Protection Extensions like “userVerificationOptional” , “userVerificationOptionalWithCredentialIDList “, “userVerificationRequired” in case we want to control the behaviour ?
  5. Would like to get clarified on the "hmac-secret” extensions as how to pass this as a parameter/ key-value pair.

It would be great if someone can provide some inputs on the above. Please let me know if need more clarity on any of the above queries.
@mohanio
Copy link

mohanio commented Oct 31, 2022

I too have similar question on how to pass below PublicKeyCredentialCreationOptions

  • attestation
  • authenticatorAttachment
  • timeout

Could someone please help ?

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@mohanio @RitushreePurkait96