diff options
| author | Matthew Miller <matthew@millerti.me> | 2023-03-15 18:42:14 -0700 |
|---|---|---|
| committer | GitHub <noreply@github.com> | 2023-03-15 18:42:14 -0700 |
| commit | 2f2c2e4d522f03225403b97c218e87eb94c3634e (patch) | |
| tree | a3b7078fa9d0271fb7a4507ddb715a282208578f | |
| parent | 7a70821c47fb958445d8b6735ef364c1ae5d9a61 (diff) | |
| parent | 0d02202e8e9e8364497609a0a0e42faf25a5ff10 (diff) | |
Merge pull request #361 from MasterKale/fix/360-shorten-list-of-default-pub-key-algs
fix/360-shorten-list-of-default-pub-key-algs
| -rw-r--r-- | packages/server/src/registration/generateRegistrationOptions.test.ts | 6 | ||||
| -rw-r--r-- | packages/server/src/registration/generateRegistrationOptions.ts | 8 |
2 files changed, 5 insertions, 9 deletions
diff --git a/packages/server/src/registration/generateRegistrationOptions.test.ts b/packages/server/src/registration/generateRegistrationOptions.test.ts index 1553f92..b3a5ca8 100644 --- a/packages/server/src/registration/generateRegistrationOptions.test.ts +++ b/packages/server/src/registration/generateRegistrationOptions.test.ts @@ -36,13 +36,7 @@ test('should generate credential request options suitable for sending via JSON', pubKeyCredParams: [ { alg: -8, type: 'public-key' }, { alg: -7, type: 'public-key' }, - { alg: -36, type: 'public-key' }, - { alg: -37, type: 'public-key' }, - { alg: -38, type: 'public-key' }, - { alg: -39, type: 'public-key' }, { alg: -257, type: 'public-key' }, - { alg: -258, type: 'public-key' }, - { alg: -259, type: 'public-key' }, ], timeout, attestation: attestationType, diff --git a/packages/server/src/registration/generateRegistrationOptions.ts b/packages/server/src/registration/generateRegistrationOptions.ts index 71cd51f..d8e0967 100644 --- a/packages/server/src/registration/generateRegistrationOptions.ts +++ b/packages/server/src/registration/generateRegistrationOptions.ts @@ -67,10 +67,12 @@ const defaultAuthenticatorSelection: AuthenticatorSelectionCriteria = { }; /** - * Filter out known bad/deprecated/etc... algorithm ID's so they're not used for new attestations. - * See https://www.iana.org/assignments/cose/cose.xhtml#algorithms + * Use the most commonly-supported algorithms + * See the following: + * - https://www.iana.org/assignments/cose/cose.xhtml#algorithms + * - https://w3c.github.io/webauthn/#dom-publickeycredentialcreationoptions-pubkeycredparams */ -const defaultSupportedAlgorithmIDs = supportedCOSEAlgorithmIdentifiers.filter(id => id !== -65535); +const defaultSupportedAlgorithmIDs: COSEAlgorithmIdentifier[] = [-8, -7, -257]; /** * Prepare a value to pass into navigator.credentials.create(...) for authenticator "registration" |