From f0f4ee9d0f5128ca8f45e50e8b00b29979e16217 Mon Sep 17 00:00:00 2001
From: Matthew Miller
Date: Tue, 3 Jan 2023 22:44:10 -0800
Subject: Prefer resident keys
---
 .../src/registration/generateRegistrationOptions.test.ts | 10 +++++-----
 .../server/src/registration/generateRegistrationOptions.ts | 2 +-
 2 files changed, 6 insertions(+), 6 deletions(-)
(limited to 'packages/server/src')
diff --git a/packages/server/src/registration/generateRegistrationOptions.test.ts b/packages/server/src/registration/generateRegistrationOptions.test.ts
index 678c6a0..ce60708 100644
--- a/packages/server/src/registration/generateRegistrationOptions.test.ts
+++ b/packages/server/src/registration/generateRegistrationOptions.test.ts
@@ -48,8 +48,8 @@ test('should generate credential request options suitable for sending via JSON',
 attestation: attestationType,
 excludeCredentials: [],
 authenticatorSelection: {
- requireResidentKey: true,
- residentKey: 'required',
+ requireResidentKey: false,
+ residentKey: 'preferred',
 userVerification: 'preferred',
 },
 });
@@ -198,7 +198,7 @@ test('should discourage resident key if residentKey option is absent but require
 expect(options.authenticatorSelection?.residentKey).toBeUndefined();
 });
 
-test('should require resident key if both residentKey and requireResidentKey options are absent', () => {
+test('should prefer resident key if both residentKey and requireResidentKey options are absent', () => {
 const options = generateRegistrationOptions({
 rpID: 'not.real',
 rpName: 'SimpleWebAuthn',
@@ -206,8 +206,8 @@ test('should require resident key if both residentKey and requireResidentKey opt
 userName: 'usernameHere',
 });
 
- expect(options.authenticatorSelection?.requireResidentKey).toEqual(true);
- expect(options.authenticatorSelection?.residentKey).toEqual('required');
+ expect(options.authenticatorSelection?.requireResidentKey).toEqual(false);
+ expect(options.authenticatorSelection?.residentKey).toEqual('preferred');
 });
 
 test('should set requireResidentKey to true if residentKey if set to required', () => {
diff --git a/packages/server/src/registration/generateRegistrationOptions.ts b/packages/server/src/registration/generateRegistrationOptions.ts
index 8f5e0c0..f779ace 100644
--- a/packages/server/src/registration/generateRegistrationOptions.ts
+++ b/packages/server/src/registration/generateRegistrationOptions.ts
@@ -62,7 +62,7 @@ export const supportedCOSEAlgorithmIdentifiers: COSEAlgorithmIdentifier[] = [
 * defaults.
 */
 const defaultAuthenticatorSelection: AuthenticatorSelectionCriteria = {
- residentKey: 'required',
+ residentKey: 'preferred',
 userVerification: 'preferred',
 };
 
-- 
cgit v1.2.3

From 8f31dbb5262ec461820e49f675f9ac2963466cb8 Mon Sep 17 00:00:00 2001
From: Matthew Miller
Date: Tue, 3 Jan 2023 22:45:14 -0800
Subject: Always include credProps in extensions
---
 .../generateRegistrationOptions.test.ts | 28 ++++++++++++++++++++--
 .../registration/generateRegistrationOptions.ts | 5 ++++-
 2 files changed, 30 insertions(+), 3 deletions(-)
(limited to 'packages/server/src')
diff --git a/packages/server/src/registration/generateRegistrationOptions.test.ts b/packages/server/src/registration/generateRegistrationOptions.test.ts
index ce60708..1553f92 100644
--- a/packages/server/src/registration/generateRegistrationOptions.test.ts
+++ b/packages/server/src/registration/generateRegistrationOptions.test.ts
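Review bot: In `generateRegistrationOptions.ts`, hunk `@@ -62,7 +62,7 @@`, the doc comment above `defaultAuthenticatorSelection` (it starts outside the hunk) should say what the new default means for callers. With `residentKey: 'preferred'` the authenticator may create a non-discoverable credential, so a relying party that depends on usernameless sign-in can no longer assume every registered credential supports it. Suggested line for the comment: `Discoverable credentials are requested but not required; pass residentKey: 'required' when the RP depends on them.` Callers that relied on the previous implicit `'required'` get the new behaviour without changing their code, which looks worth a changelog entry.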
@@ -52,6 +52,9 @@ test('should generate credential request options suitable for sending via JSON',
 residentKey: 'preferred',
 userVerification: 'preferred',
 },
+ extensions: {
+ credProps: true,
+ }
 });
 });
 
@@ -135,9 +138,30 @@ test('should set extensions if specified', () => {
 extensions: { appid: 'simplewebauthn' },
 });
 
- expect(options.extensions).toEqual({
- appid: 'simplewebauthn',
+ expect(options.extensions?.appid).toEqual('simplewebauthn');
+});
+
+test('should include credProps if extensions are not provided', () => {
+ const options = generateRegistrationOptions({
+ rpName: 'SimpleWebAuthn',
+ rpID: 'not.real',
+ userID: '1234',
+ userName: 'usernameHere',
+ });
+
+ expect(options.extensions?.credProps).toEqual(true);
+});
+
+test('should include credProps if extensions are provided', () => {
+ const options = generateRegistrationOptions({
+ rpName: 'SimpleWebAuthn',
+ rpID: 'not.real',
+ userID: '1234',
+ userName: 'usernameHere',
+ extensions: { appid: 'simplewebauthn' },
 });
+
+ expect(options.extensions?.credProps).toEqual(true);
 });
 
 test('should generate a challenge if one is not provided', () => {
diff --git a/packages/server/src/registration/generateRegistrationOptions.ts b/packages/server/src/registration/generateRegistrationOptions.ts
index f779ace..71cd51f 100644
--- a/packages/server/src/registration/generateRegistrationOptions.ts
+++ b/packages/server/src/registration/generateRegistrationOptions.ts
@@ -178,6 +178,9 @@ export function generateRegistrationOptions(
 id: isoBase64URL.fromBuffer(cred.id as Uint8Array),
 })),
 authenticatorSelection,
- extensions,
+ extensions: {
+ ...extensions,
+ credProps: true,
+ },
 };
 }
-- 
cgit v1.2.3
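Review bot: In `generateRegistrationOptions.test.ts`, hunk `@@ -135,9 +138,30 @@`, the rewritten assertion in 'should set extensions if specified' checks only `options.extensions?.appid`, so the test no longer notices unexpected keys in the extensions object. An exact match keeps that coverage: `expect(options.extensions).toEqual({ appid: 'simplewebauthn', credProps: true });`. Neither of the two new tests covers a caller passing `credProps: false`, so the override behaviour of the spread in `generateRegistrationOptions.ts` is not pinned by any assertion.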
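Review bot: In `generateRegistrationOptions.ts`, hunk `@@ -178,6 +178,9 @@`, `credProps: true` is written after `...extensions`, so a caller-supplied `extensions.credProps` (for example `false`) is silently overwritten. The commit subject suggests that is intended, in which case the documentation of the `extensions` option should state it, e.g. `credProps is always requested and cannot be disabled through this option`. The same comment should note that `credProps` is a client extension: the `rk` value returned in the client extension results is reported by the browser and not signed by the authenticator, so the server should treat it as a hint rather than proof that the credential is discoverable. The body of `generateRegistrationOptions` starts outside this hunk.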