Use the transport from the original credential

Manav Rathi 2024-06-10 14:17:23 +05:30
parent 03d90515a4
commit ae4f1df76c
No known key found for this signature in database
2 changed files with 2 additions and 21 deletions


@ -413,26 +413,10 @@ export const beginPasskeyAuthentication = async (
export const signChallenge = async (
publicKey: PublicKeyCredentialRequestOptions,
) => {
for (const listItem of publicKey.allowCredentials ?? []) {
// From MDN:
//
// > The `transports` property is hint of the methods that the client
// > could use to communicate with the relevant authenticator of the
// > public key credential to retrieve. Possible values are ["ble",
// > "hybrid", "internal", "nfc", "usb"].
//
// TODO-PK: Better document why + why not "hybrid"
//
// note: we are orverwriting the transports array with all possible values.
// This is because the browser will only prompt the user for the transport that is available.
// Warning: In case of invalid transport value, the webauthn will fail on Safari & iOS browsers
listItem.transports = ["usb", "nfc", "ble", "internal"];
}
// Allow up to 60 seconds to wait for the retrieval
publicKey.timeout = 60 * 1000;
return await navigator.credentials.get({ publicKey });
return navigator.credentials.get({ publicKey });
};
interface FinishPasskeyAuthenticationOptions {
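Review bot: With the overwrite loop gone, `signChallenge` passes each `allowCredentials[].transports` to `navigator.credentials.get` exactly as received, and nothing on the new side keeps the caveat from the deleted comment that an invalid transport value makes WebAuthn fail on Safari and iOS. The values presumably come from what the server recorded at registration (not visible here), so the function now depends on that data being well-formed. I would keep the caveat above the timeout line, e.g. `// Transports are used as received in allowCredentials; an invalid value fails the ceremony on Safari and iOS, so the server must only return valid ones.` Separately, `publicKey.timeout = 60 * 1000` still mutates the caller's object; `navigator.credentials.get({ publicKey: { ...publicKey, timeout: 60 * 1000 } })` would avoid that.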


@ -71,10 +71,7 @@ The registration ceremony starts in the browser. When the user clicks the "Add
new passkey" button, a request is sent to the server for "public key" creation
options. Although named "public key" options, they actually define customizable
parameters for the entire credential creation process. They're like an
instructional sheet that defines exactly what we want. As of the creation of
this document, the plan is to restrict user authenticators to cross-platform
ones, like hardware keys. Platform authenticators, such as TPM, are not portable
and are prone to loss.
instructional sheet that defines exactly what we want.
On the server side, the WebAuthn library generates this information based on
data provided from a `webauthn.User` interface. As a result, we satisfy this