1 files changed, 89 insertions, 0 deletions

diff --git a/packages/server/src/registration/generateRegistrationOptions.test.ts b/packages/server/src/registration/generateRegistrationOptions.test.ts
index db4e11e..ba725b6 100644
--- a/packages/server/src/registration/generateRegistrationOptions.test.ts
+++ b/packages/server/src/registration/generateRegistrationOptions.test.ts
@@ -49,6 +49,7 @@ test('should generate credential request options suitable for sending via JSON',
     excludeCredentials: [],
     authenticatorSelection: {
       requireResidentKey: false,
+      residentKey: 'discouraged',
       userVerification: 'preferred',
     },
   });
@@ -120,6 +121,7 @@ test('should set authenticatorSelection if specified', () => {
   expect(options.authenticatorSelection).toEqual({
     authenticatorAttachment: 'cross-platform',
     requireResidentKey: false,
+    residentKey: 'discouraged',
     userVerification: 'preferred',
   });
 });
@@ -166,3 +168,90 @@ test('should use custom supported algorithm IDs as-is when provided', () => {
     { alg: -65535, type: 'public-key' },
   ]);
 });
+
+test('should require resident key if residentKey option is absent but requireResidentKey is set to true', () => {
+  const options = generateRegistrationOptions({
+    rpID: 'not.real',
+    rpName: 'SimpleWebAuthn',
+    userID: '1234',
+    userName: 'usernameHere',
+    authenticatorSelection: {
+      requireResidentKey: true,
+    }
+  });
+
+  expect(options.authenticatorSelection?.requireResidentKey).toEqual(true);
+  expect(options.authenticatorSelection?.residentKey).toEqual('required');
+});
+
+test('should discourage resident key if residentKey option is absent but requireResidentKey is set to false', () => {
+  const options = generateRegistrationOptions({
+    rpID: 'not.real',
+    rpName: 'SimpleWebAuthn',
+    userID: '1234',
+    userName: 'usernameHere',
+    authenticatorSelection: {
+      requireResidentKey: false,
+    }
+  });
+
+  expect(options.authenticatorSelection?.requireResidentKey).toEqual(false);
+  expect(options.authenticatorSelection?.residentKey).toEqual('discouraged');
+});
+
+test('should discourage resident key if both residentKey and requireResidentKey options are absent', () => {
+  const options = generateRegistrationOptions({
+    rpID: 'not.real',
+    rpName: 'SimpleWebAuthn',
+    userID: '1234',
+    userName: 'usernameHere',
+  });
+
+  expect(options.authenticatorSelection?.requireResidentKey).toEqual(false);
+  expect(options.authenticatorSelection?.residentKey).toEqual('discouraged');
+});
+
+test('should set requireResidentKey to true if residentKey if set to required', () => {
+  const options = generateRegistrationOptions({
+    rpID: 'not.real',
+    rpName: 'SimpleWebAuthn',
+    userID: '1234',
+    userName: 'usernameHere',
+    authenticatorSelection: {
+      residentKey: 'required',
+    },
+  });
+
+  expect(options.authenticatorSelection?.requireResidentKey).toEqual(true);
+  expect(options.authenticatorSelection?.residentKey).toEqual('required');
+});
+
+test('should set requireResidentKey to false if residentKey if set to preferred', () => {
+  const options = generateRegistrationOptions({
+    rpID: 'not.real',
+    rpName: 'SimpleWebAuthn',
+    userID: '1234',
+    userName: 'usernameHere',
+    authenticatorSelection: {
+      residentKey: 'preferred',
+    },
+  });
+
+  expect(options.authenticatorSelection?.requireResidentKey).toEqual(false);
+  expect(options.authenticatorSelection?.residentKey).toEqual('preferred');
+});
+
+test('should set requireResidentKey to false if residentKey if set to discouraged', () => {
+  const options = generateRegistrationOptions({
+    rpID: 'not.real',
+    rpName: 'SimpleWebAuthn',
+    userID: '1234',
+    userName: 'usernameHere',
+    authenticatorSelection: {
+      residentKey: 'discouraged',
+    },
+  });
+
+  expect(options.authenticatorSelection?.requireResidentKey).toEqual(false);
+  expect(options.authenticatorSelection?.residentKey).toEqual('discouraged');
+});