diff options
| -rw-r--r-- | packages/server/src/attestation/generateAttestationOptions.ts | 14 |
1 files changed, 13 insertions, 1 deletions
diff --git a/packages/server/src/attestation/generateAttestationOptions.ts b/packages/server/src/attestation/generateAttestationOptions.ts index f2d41f2..8c57e0a 100644 --- a/packages/server/src/attestation/generateAttestationOptions.ts +++ b/packages/server/src/attestation/generateAttestationOptions.ts @@ -51,6 +51,18 @@ export const supportedCOSEAlgorithmIdentifiers: COSEAlgorithmIdentifier[] = [ ]; /** + * Set up some default authenticator selection options as per the latest spec: + * https://www.w3.org/TR/webauthn-2/#dictdef-authenticatorselectioncriteria + * + * Helps with some older platforms (e.g. Android 7.0 Nougat) that may not be aware of these + * defaults. + */ +const defaultAuthenticatorSelection: AuthenticatorSelectionCriteria = { + requireResidentKey: false, + userVerification: 'preferred', +}; + +/** * Filter out known bad/deprecated/etc... algorithm ID's so they're not used for new attestations. * See https://www.iana.org/assignments/cose/cose.xhtml#algorithms */ @@ -92,7 +104,7 @@ export default function generateAttestationOptions( attestationType = 'none', excludedCredentialIDs = [], suggestedTransports = ['usb', 'ble', 'nfc', 'internal'], - authenticatorSelection, + authenticatorSelection = defaultAuthenticatorSelection, extensions, supportedAlgorithmIDs = defaultSupportedAlgorithmIDs, } = options; |