Handle requireResidentKey nuance

1 files changed, 12 insertions, 0 deletions

diff --git a/packages/server/src/attestation/generateAttestationOptions.ts b/packages/server/src/attestation/generateAttestationOptions.ts
index e1fc70e..2c0f85b 100644
--- a/packages/server/src/attestation/generateAttestationOptions.ts
+++ b/packages/server/src/attestation/generateAttestationOptions.ts
@@ -119,6 +119,18 @@ export default function generateAttestationOptions(
     type: 'public-key',
   }));
 
+  /**
+   * "Relying Parties SHOULD set [requireResidentKey] to true if, and only if, residentKey is set
+   * to "required""
+   *
+   * See https://www.w3.org/TR/webauthn-2/#dom-authenticatorselectioncriteria-requireresidentkey
+   */
+  if (authenticatorSelection.residentKey === 'required') {
+    authenticatorSelection.requireResidentKey = true;
+  } else {
+    authenticatorSelection.requireResidentKey = false;
+  }
+
   return {
     challenge: base64url.encode(challenge),
     rp: {