summaryrefslogtreecommitdiffhomepage
path: root/packages/server/src
diff options
context:
space:
mode:
Diffstat (limited to 'packages/server/src')
-rw-r--r--packages/server/src/registration/generateRegistrationOptions.ts27
1 files changed, 21 insertions, 6 deletions
diff --git a/packages/server/src/registration/generateRegistrationOptions.ts b/packages/server/src/registration/generateRegistrationOptions.ts
index d8d0ab5..a0ec8d9 100644
--- a/packages/server/src/registration/generateRegistrationOptions.ts
+++ b/packages/server/src/registration/generateRegistrationOptions.ts
@@ -120,15 +120,30 @@ export function generateRegistrationOptions(
}));
/**
- * "Relying Parties SHOULD set [requireResidentKey] to true if, and only if, residentKey is set
- * to "required""
*
- * See https://www.w3.org/TR/webauthn-2/#dom-authenticatorselectioncriteria-requireresidentkey
*/
- if (authenticatorSelection.residentKey === 'required') {
- authenticatorSelection.requireResidentKey = true;
+ if (authenticatorSelection.residentKey === undefined) {
+ /**
+ * `residentKey`: "If no value is given then the effective value is `required` if
+ * requireResidentKey is true or `discouraged` if it is false or absent."
+ *
+ * See https://www.w3.org/TR/webauthn-2/#dom-authenticatorselectioncriteria-residentkey
+ */
+ if (authenticatorSelection.requireResidentKey) {
+ authenticatorSelection.residentKey = 'required';
+ } else {
+ authenticatorSelection.residentKey = 'discouraged';
+ }
} else {
- authenticatorSelection.requireResidentKey = false;
+ /**
+ * `requireResidentKey`: "Relying Parties SHOULD set it to true if, and only if, residentKey is
+ * set to "required""
+ *
+ * Spec says this property defaults to `false` so we should still be okay to assign `false` too
+ *
+ * See https://www.w3.org/TR/webauthn-2/#dom-authenticatorselectioncriteria-requireresidentkey
+ */
+ authenticatorSelection.requireResidentKey = authenticatorSelection.residentKey === 'required';
}
return {
generated by cgit v1.2.3 (git 2.39.1) at 2025-05-07 03:04:33 +0000