diff options
| author | Matthew Miller <matthew@millerti.me> | 2023-01-03 22:44:10 -0800 |
|---|---|---|
| committer | Matthew Miller <matthew@millerti.me> | 2023-01-03 22:45:01 -0800 |
| commit | f0f4ee9d0f5128ca8f45e50e8b00b29979e16217 (patch) | |
| tree | 1792e78144b49c7c79b6f97f4cdc869351aa05c7 | |
| parent | aed9d2ac948ea88291bca3ab821e8b8d478b699d (diff) | |
Prefer resident keys
| -rw-r--r-- | packages/server/src/registration/generateRegistrationOptions.test.ts | 10 | ||||
| -rw-r--r-- | packages/server/src/registration/generateRegistrationOptions.ts | 2 |
2 files changed, 6 insertions, 6 deletions
diff --git a/packages/server/src/registration/generateRegistrationOptions.test.ts b/packages/server/src/registration/generateRegistrationOptions.test.ts index 678c6a0..ce60708 100644 --- a/packages/server/src/registration/generateRegistrationOptions.test.ts +++ b/packages/server/src/registration/generateRegistrationOptions.test.ts @@ -48,8 +48,8 @@ test('should generate credential request options suitable for sending via JSON', attestation: attestationType, excludeCredentials: [], authenticatorSelection: { - requireResidentKey: true, - residentKey: 'required', + requireResidentKey: false, + residentKey: 'preferred', userVerification: 'preferred', }, }); @@ -198,7 +198,7 @@ test('should discourage resident key if residentKey option is absent but require expect(options.authenticatorSelection?.residentKey).toBeUndefined(); }); -test('should require resident key if both residentKey and requireResidentKey options are absent', () => { +test('should prefer resident key if both residentKey and requireResidentKey options are absent', () => { const options = generateRegistrationOptions({ rpID: 'not.real', rpName: 'SimpleWebAuthn', @@ -206,8 +206,8 @@ test('should require resident key if both residentKey and requireResidentKey opt userName: 'usernameHere', }); - expect(options.authenticatorSelection?.requireResidentKey).toEqual(true); - expect(options.authenticatorSelection?.residentKey).toEqual('required'); + expect(options.authenticatorSelection?.requireResidentKey).toEqual(false); + expect(options.authenticatorSelection?.residentKey).toEqual('preferred'); }); test('should set requireResidentKey to true if residentKey if set to required', () => { diff --git a/packages/server/src/registration/generateRegistrationOptions.ts b/packages/server/src/registration/generateRegistrationOptions.ts index 8f5e0c0..f779ace 100644 --- a/packages/server/src/registration/generateRegistrationOptions.ts +++ b/packages/server/src/registration/generateRegistrationOptions.ts @@ -62,7 +62,7 @@ export const supportedCOSEAlgorithmIdentifiers: COSEAlgorithmIdentifier[] = [ * defaults. */ const defaultAuthenticatorSelection: AuthenticatorSelectionCriteria = { - residentKey: 'required', + residentKey: 'preferred', userVerification: 'preferred', }; |