Use the transport from the original credential
parent
03d90515a4
commit
ae4f1df76c
@ -413,26 +413,10 @@ export const beginPasskeyAuthentication = async (
|
||||
export const signChallenge = async (
|
||||
publicKey: PublicKeyCredentialRequestOptions,
|
||||
) => {
|
||||
for (const listItem of publicKey.allowCredentials ?? []) {
|
||||
// From MDN:
|
||||
//
|
||||
// > The `transports` property is hint of the methods that the client
|
||||
// > could use to communicate with the relevant authenticator of the
|
||||
// > public key credential to retrieve. Possible values are ["ble",
|
||||
// > "hybrid", "internal", "nfc", "usb"].
|
||||
//
|
||||
// TODO-PK: Better document why + why not "hybrid"
|
||||
//
|
||||
// note: we are orverwriting the transports array with all possible values.
|
||||
// This is because the browser will only prompt the user for the transport that is available.
|
||||
// Warning: In case of invalid transport value, the webauthn will fail on Safari & iOS browsers
|
||||
listItem.transports = ["usb", "nfc", "ble", "internal"];
|
||||
}
|
||||
|
||||
// Allow up to 60 seconds to wait for the retrieval
|
||||
publicKey.timeout = 60 * 1000;
|
||||
|
||||
return await navigator.credentials.get({ publicKey });
|
||||
return navigator.credentials.get({ publicKey });
|
||||
};
|
||||
|
||||
interface FinishPasskeyAuthenticationOptions {
|
||||
|
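Review bot: `signChallenge` now hands `publicKey.allowCredentials[].transports` to `navigator.credentials.get` exactly as the server sent them, and nothing in the new code records the constraint that the dropped comment carried: an invalid transport value makes the WebAuthn call fail on Safari and iOS. Keeping that caveat next to the call would help, for example `// transports are passed through as stored for the original credential; an unrecognised value fails on Safari / iOS`. Judging from the commit title, the values come from what was saved at registration, so credentials enrolled before transports were persisted presumably arrive without the field; please confirm the server omits it in that case rather than sending an empty or unknown entry. A short TSDoc line on `signChallenge` noting that it sets `timeout` on the caller's `publicKey` object and may resolve to `null` would also make the contract explicit.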
@ -71,10 +71,7 @@ The registration ceremony starts in the browser. When the user clicks the "Add
|
||||
new passkey" button, a request is sent to the server for "public key" creation
|
||||
options. Although named "public key" options, they actually define customizable
|
||||
parameters for the entire credential creation process. They're like an
|
||||
instructional sheet that defines exactly what we want. As of the creation of
|
||||
this document, the plan is to restrict user authenticators to cross-platform
|
||||
ones, like hardware keys. Platform authenticators, such as TPM, are not portable
|
||||
and are prone to loss.
|
||||
instructional sheet that defines exactly what we want.
|
||||
|
||||
On the server side, the WebAuthn library generates this information based on
|
||||
data provided from a `webauthn.User` interface. As a result, we satisfy this
|
||||
|