Diffstat (limited to 'packages/server/src')
-rw-r--r--packages/server/src/registration/generateRegistrationOptions.test.ts14
-rw-r--r--packages/server/src/registration/generateRegistrationOptions.ts4
2 files changed, 15 insertions, 3 deletions
diff --git a/packages/server/src/registration/generateRegistrationOptions.test.ts b/packages/server/src/registration/generateRegistrationOptions.test.ts
index 7b64434..c67a8b2 100644
--- a/packages/server/src/registration/generateRegistrationOptions.test.ts
+++ b/packages/server/src/registration/generateRegistrationOptions.test.ts
@@ -34,8 +34,8 @@ test('should generate credential request options suitable for sending via JSON',
displayName: userName,
},
pubKeyCredParams: [
- { alg: -7, type: 'public-key' },
{ alg: -8, type: 'public-key' },
+ { alg: -7, type: 'public-key' },
{ alg: -36, type: 'public-key' },
{ alg: -37, type: 'public-key' },
{ alg: -38, type: 'public-key' },
@@ -253,3 +253,15 @@ test('should set requireResidentKey to false if residentKey if set to discourage
expect(options.authenticatorSelection?.requireResidentKey).toEqual(false);
expect(options.authenticatorSelection?.residentKey).toEqual('discouraged');
});
+
+test('should prefer Ed25519 in pubKeyCredParams', () => {
+ const options = generateRegistrationOptions({
+ rpName: 'SimpleWebAuthn',
+ rpID: 'not.real',
+ challenge: 'totallyrandomvalue',
+ userID: '1234',
+ userName: 'usernameHere',
+ });
+
+ expect(options.pubKeyCredParams[0].alg).toEqual(-8);
+});
diff --git a/packages/server/src/registration/generateRegistrationOptions.ts b/packages/server/src/registration/generateRegistrationOptions.ts
index 0f281f2..20b3283 100644
--- a/packages/server/src/registration/generateRegistrationOptions.ts
+++ b/packages/server/src/registration/generateRegistrationOptions.ts
@@ -32,10 +32,10 @@ export type GenerateRegistrationOptionsOpts = {
* and https://www.iana.org/assignments/cose/cose.xhtml#algorithms
*/
export const supportedCOSEAlgorithmIdentifiers: COSEAlgorithmIdentifier[] = [
+ // EdDSA (In first position to encourage authenticators to use this over ES256)
+ -8,
// ECDSA w/ SHA-256
-7,
- // EdDSA
- -8,
// ECDSA w/ SHA-512
-36,
// RSASSA-PSS w/ SHA-256
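Review bot: The order of `supportedCOSEAlgorithmIdentifiers` now carries meaning, but only the inline comment on `-8` hints at it, so a later tidy-up that sorts the list would silently change which algorithm authenticators are asked to prefer. I would state this in the doc comment above the array (which starts outside this hunk), for example `* Order matters: WebAuthn reads pubKeyCredParams from most to least preferred.` Putting EdDSA first also means new registrations may come back with alg -8 where they previously used -7. The verification code is not visible here, so it is worth confirming that Ed25519-signed registration and authentication responses are verified on every supported runtime before this default ships.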