-
-
Notifications
You must be signed in to change notification settings - Fork 46
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Allow passing authenticatorSelection.residentKey
option in client.register
#34
Comments
Hi...
This came to quite a surprise for me, so I tested again and ...It currently works for Windows (popping up native user selection) but not in Android (saying no passkey available)... damn protocol.
Are you certain it's related to this attribute? It would be nice to test on all platforms to obtain a homogenous behavior.
...that might be an option ...let me gather my thoughts and sleep over it. |
PS: That's also a case where |
Thank you for the quick reply!
That would match my observations, I tested on Android and the chrome devtools.
I think that would work. |
Added "discoverable" in version 1.3.0. Confirmation that it works as expected is welcome, See playground |
I can confirm that, in my testing application, this works as I had expected! 👍 The playground gives me a "credentialId mismatch" error, but it also allows me to choose from my previously created accounts as I wanted. Thank you so much for the quick implementation of this feature! |
If you create both a discoverable key and a non-discoverable key, both will coexist, even with the same userHandle / user ID. (That was new to me, I thought they would override each other, but I guess being synced or device bound makes it two distinct credentials) I guess the mismatch occurs when you register a non-discoverable key, then try to authenticate with an empty list which will deliver the other discoverable key. |
@Ionaru hi there! I am also trying to use this library without usernames 😅
Thanks! |
@asbjornenge Hello! I'll gladly answer your questions.
For a presentation a little while ago I've built a demo/testbed application for webauthn using this library in the backend. Feel free to check it out and play around with the settings: https://github.com/Ionaru/webauthn-demo I'm always open to new ideas to help bring this new tech to widespread use. :) |
@Ionaru thanks for your prompt reply 🙏 Yeah it does not seem to be any way to get a list without "bothering" the user 😅 Two buttons it is. I'll take a look at your demo and let you know how my approach turns out 😊 Will try to add the UID to localstorage and prefill it if it exists 👍 |
Which problem is this feature request solving?
In my login flow, I do not want the user to have to type a username. So I pass an empty array of
credentialIds
toclient.authenticate
. This unfortunately does not work in this library because the created passkeys are not a "Client-side discoverable Credential". To create "Client-side discoverable Credentials", theresidentKey
option inauthenticatorSelection
during registration needs to be set to"preferred"
or"required"
.Currently it is not possible to set the
authenticatorSelection.residentKey
option inclient.register
This login flow is also mentioned in your README.md, but as far as I'm aware, not currently possible to create with this library.
Describe the solution you'd like
A new option in the third parameter of
client.register
(RegisterOptions
) forresidentKey
, to set a value forauthenticatorSelection.residentKey
increationOptions
.Describe alternatives you've considered
Maybe a generic override using a
Partial<PublicKeyCredentialCreationOptions>
interface would be preferred, this way any option can be changed without needing a code change every time someone wants a new option to be supported.Can you submit a pull request?
Yes, if the feature is approved.
The text was updated successfully, but these errors were encountered: