Support `authenticatorSelection` in attestations

author: Matthew Miller <matthew@millerti.me> 2020-05-26 23:13:57 -0700
committer: Matthew Miller <matthew@millerti.me> 2020-05-26 23:13:57 -0700
commit: e7bd6abdd0879ee1ccd287c11305d4c811f389f6 (patch)
tree: cd3150cc2c4e61674252c1a2a729efceef92d77b /packages/server/src
parent: ae261d3feb0b73d2d3eaa65401dddd521ca8fead (diff)
2 files changed, 25 insertions, 0 deletions
diff --git a/packages/server/src/attestation/generateAttestationOptions.test.ts b/packages/server/src/attestation/generateAttestationOptions.test.ts
index 73218bf..08507e7 100644
--- a/packages/server/src/attestation/generateAttestationOptions.test.ts
+++ b/packages/server/src/attestation/generateAttestationOptions.test.ts
@@ -82,3 +82,24 @@ test('defaults to direct attestation if no attestation type is specified', () =>
 
   expect(options.attestation).toEqual('none');
 });
+
+test('should set authenticatorAttributes to authenticatorSelection if set', () => {
+  const options = generateAttestationOptions({
+    serviceName: 'SimpleWebAuthn',
+    rpID: 'not.real',
+    challenge: 'totallyrandomvalue',
+    userID: '1234',
+    userName: 'usernameHere',
+    authenticatorAttributes: {
+      authenticatorAttachment: 'cross-platform',
+      requireResidentKey: false,
+      userVerification: 'preferred',
+    },
+  });
+
+  expect(options.authenticatorSelection).toEqual({
+    authenticatorAttachment: 'cross-platform',
+    requireResidentKey: false,
+    userVerification: 'preferred',
+  });
+});
diff --git a/packages/server/src/attestation/generateAttestationOptions.ts b/packages/server/src/attestation/generateAttestationOptions.ts
index e2a9926..fbf62f4 100644
--- a/packages/server/src/attestation/generateAttestationOptions.ts
+++ b/packages/server/src/attestation/generateAttestationOptions.ts
@@ -13,6 +13,7 @@ type Options = {
   attestationType?: AttestationConveyancePreference,
   excludedBase64CredentialIDs?: string[],
   suggestedTransports?: AuthenticatorTransport[],
+  authenticatorAttributes?: AuthenticatorSelectionCriteria,
 };
 
 /**
@@ -31,6 +32,7 @@ type Options = {
  * @param excludedBase64CredentialIDs Array of base64-encoded authenticator IDs registered by the
  * user so the user can't register the same credential multiple times
  * @param suggestedTransports Suggested types of authenticators for attestation
+ * @param authenticatorAttributes Advanced criteria for the types of authenticators that may be used
  */
 export default function generateAttestationOptions(
   options: Options,
@@ -46,6 +48,7 @@ export default function generateAttestationOptions(
     attestationType = 'none',
     excludedBase64CredentialIDs = [],
     suggestedTransports = ['usb', 'ble', 'nfc', 'internal'],
+    authenticatorAttributes,
   } = options;
 
   return {
@@ -72,5 +75,6 @@ export default function generateAttestationOptions(
       type: 'public-key',
       transports: suggestedTransports,
     })),
+    authenticatorSelection: authenticatorAttributes,
   };
 }
author	Matthew Miller <matthew@millerti.me>	2020-05-26 23:13:57 -0700
committer	Matthew Miller <matthew@millerti.me>	2020-05-26 23:13:57 -0700
commit	e7bd6abdd0879ee1ccd287c11305d4c811f389f6 (patch)
tree	cd3150cc2c4e61674252c1a2a729efceef92d77b /packages/server/src
parent	ae261d3feb0b73d2d3eaa65401dddd521ca8fead (diff)