From ce123d40e6d0b2dbe4c955e1b9cc05212e24dbfe Mon Sep 17 00:00:00 2001
From: Matthew Miller
Date: Thu, 16 Feb 2023 09:06:03 -0800
Subject: Shorten list of default public key algs
---
 packages/server/src/registration/generateRegistrationOptions.ts | 8 +++++---
 1 file changed, 5 insertions(+), 3 deletions(-)
(limited to 'packages/server/src')
diff --git a/packages/server/src/registration/generateRegistrationOptions.ts b/packages/server/src/registration/generateRegistrationOptions.ts
index 71cd51f..d8e0967 100644
--- a/packages/server/src/registration/generateRegistrationOptions.ts
+++ b/packages/server/src/registration/generateRegistrationOptions.ts
@@ -67,10 +67,12 @@ const defaultAuthenticatorSelection: AuthenticatorSelectionCriteria = {
 };

 /**
- * Filter out known bad/deprecated/etc... algorithm ID's so they're not used for new attestations.
- * See https://www.iana.org/assignments/cose/cose.xhtml#algorithms
+ * Use the most commonly-supported algorithms
+ * See the following:
+ * - https://www.iana.org/assignments/cose/cose.xhtml#algorithms
+ * - https://w3c.github.io/webauthn/#dom-publickeycredentialcreationoptions-pubkeycredparams
 */
-const defaultSupportedAlgorithmIDs = supportedCOSEAlgorithmIdentifiers.filter(id => id !== -65535);
+const defaultSupportedAlgorithmIDs: COSEAlgorithmIdentifier[] = [-8, -7, -257];

 /**
 * Prepare a value to pass into navigator.credentials.create(...) for authenticator "registration"
-- cgit v1.2.3
From 0d02202e8e9e8364497609a0a0e42faf25a5ff10 Mon Sep 17 00:00:00 2001
From: Matthew Miller
Date: Thu, 16 Feb 2023 09:06:29 -0800
Subject: Update tests
---
 .../server/src/registration/generateRegistrationOptions.test.ts | 6 ------
 1 file changed, 6 deletions(-)
(limited to 'packages/server/src')
diff --git a/packages/server/src/registration/generateRegistrationOptions.test.ts b/packages/server/src/registration/generateRegistrationOptions.test.ts
index 1553f92..b3a5ca8 100644
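Review bot: The new `defaultSupportedAlgorithmIDs` literal in generateRegistrationOptions.ts is three bare COSE identifiers, and the rewritten comment explains neither what they are nor that their order matters. In `pubKeyCredParams` the entries are listed from most to least preferred, so `[-8, -7, -257]` is a preference statement as well as an allowlist; I would add `// In order of preference: EdDSA (-8), ES256 (-7), RS256 (-257)` above the constant. The old comment's rationale is also lost: an explicit allowlist keeps RS1 (-65535, SHA-1) out and, unlike the removed filter on `supportedCOSEAlgorithmIdentifiers`, will not start offering an algorithm just because it is added to that list, which is worth stating in the doc comment. Callers who relied on the default offering ES512, PS256/384/512 or RS384/512 now have to pass them explicitly, and it is worth confirming that the default accepted by the verification path (not visible in this diff) is meant to stay broader than what is offered here.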
--- a/packages/server/src/registration/generateRegistrationOptions.test.ts
+++ b/packages/server/src/registration/generateRegistrationOptions.test.ts
@@ -36,13 +36,7 @@ test('should generate credential request options suitable for sending via JSON',
 pubKeyCredParams: [
 { alg: -8, type: 'public-key' },
 { alg: -7, type: 'public-key' },
- { alg: -36, type: 'public-key' },
- { alg: -37, type: 'public-key' },
- { alg: -38, type: 'public-key' },
- { alg: -39, type: 'public-key' },
 { alg: -257, type: 'public-key' },
- { alg: -258, type: 'public-key' },
- { alg: -259, type: 'public-key' },
 ],
 timeout,
 attestation: attestationType,
-- cgit v1.2.3