Add support for userVerification in assertion

2 files changed, 32 insertions, 11 deletions

diff --git a/packages/server/src/assertion/generateAssertionOptions.test.ts b/packages/server/src/assertion/generateAssertionOptions.test.ts
index aa345af..fe4feb7 100644
--- a/packages/server/src/assertion/generateAssertionOptions.test.ts
+++ b/packages/server/src/assertion/generateAssertionOptions.test.ts
@@ -4,12 +4,9 @@ test('should generate credential request options suitable for sending via JSON',
   const challenge = 'totallyrandomvalue';
 
   const options = generateAssertionOptions({
-    challenge,
+    ...goodOpts1,
     timeout: 1,
-    allowedBase64CredentialIDs: [
-      Buffer.from('1234', 'ascii').toString('base64'),
-      Buffer.from('5678', 'ascii').toString('base64'),
-    ],
+    challenge,
   });
 
   expect(options).toEqual({
@@ -31,13 +28,32 @@ test('should generate credential request options suitable for sending via JSON',
 });
 
 test('defaults to 60 seconds if no timeout is specified', () => {
+  const options = generateAssertionOptions(goodOpts1);
+
+  expect(options.timeout).toEqual(60000);
+});
+
+test('should not set userVerification if not specified', () => {
   const options = generateAssertionOptions({
-    challenge: 'totallyrandomvalue',
-    allowedBase64CredentialIDs: [
-      Buffer.from('1234', 'ascii').toString('base64'),
-      Buffer.from('5678', 'ascii').toString('base64'),
-    ],
+    ...goodOpts1,
   });
 
-  expect(options.timeout).toEqual(60000);
+  expect(options.userVerification).toEqual(undefined);
 });
+
+test('should set userVerification if specified', () => {
+  const options = generateAssertionOptions({
+    ...goodOpts1,
+    userVerification: 'required',
+  });
+
+  expect(options.userVerification).toEqual('required');
+});
+
+const goodOpts1 = {
+  challenge: 'totallyrandomvalue',
+  allowedBase64CredentialIDs: [
+    Buffer.from('1234', 'ascii').toString('base64'),
+    Buffer.from('5678', 'ascii').toString('base64'),
+  ],
+};
diff --git a/packages/server/src/assertion/generateAssertionOptions.ts b/packages/server/src/assertion/generateAssertionOptions.ts
index b31a34f..1e6a4e6 100644
--- a/packages/server/src/assertion/generateAssertionOptions.ts
+++ b/packages/server/src/assertion/generateAssertionOptions.ts
@@ -7,6 +7,7 @@ type Options = {
   allowedBase64CredentialIDs: string[],
   suggestedTransports?: AuthenticatorTransport[],
   timeout?: number,
+  userVerification?: UserVerificationRequirement,
 };
 
 /**
@@ -17,6 +18,8 @@ type Options = {
  * user for assertion
  * @param timeout How long (in ms) the user can take to complete assertion
  * @param suggestedTransports Suggested types of authenticators for assertion
+ * @param userVerification Set to `'discouraged'` when asserting as part of a 2FA flow, otherwise
+ * set to `'preferred'` or `'required'` as desired.
  */
 export default function generateAssertionOptions(
   options: Options,
@@ -26,6 +29,7 @@ export default function generateAssertionOptions(
     allowedBase64CredentialIDs,
     suggestedTransports = ['usb', 'ble', 'nfc', 'internal'],
     timeout = 60000,
+    userVerification,
   } = options;
 
   return {
@@ -36,5 +40,6 @@ export default function generateAssertionOptions(
       transports: suggestedTransports,
     })),
     timeout,
+    userVerification,
   };
 }