Re: [webauthn] How can i use biometric sensor auth from Emil Lundberg via GitHub on 2018-05-31 (public-webauthn@w3.org from May 2018)

From: Emil Lundberg via GitHub <sysbot+gh@w3.org>
Date: Thu, 31 May 2018 08:28:44 +0000
To: public-webauthn@w3.org
Message-ID: <issue_comment.created-393454722-1527755323-sysbot+gh@w3.org>

Set the `userVerification` parameter to `"required"`. For registration it's located in [`PublicKeyCredentialCreationOptions`][make-root].[`authenticatorSelection`][make-param], and for authentication it's located in [`PublicKeyCredentialRequestOptions`][get-param].

This does not guarantee that a _biometric_ will be used, but it will require some kind of user verification, which could for example be PIN or biometric. If you specifically require biometric user verification, you can inspect the attestation certificate or use the [`uvm`][uvm] extension (although the latter will only work if the authenticator supports it).

[make-root]: https://w3c.github.io/webauthn/#dictdef-publickeycredentialcreationoptions
[make-param]: https://w3c.github.io/webauthn/#dictdef-authenticatorselectioncriteria
[get-param]: https://w3c.github.io/webauthn/#dictdef-publickeycredentialrequestoptions
[uvm]: https://w3c.github.io/webauthn/#sctn-uvm-extension

-- 
GitHub Notification of comment by emlun
Please view or discuss this issue at https://github.com/w3c/webauthn/issues/925#issuecomment-393454722 using your GitHub account

Received on Thursday, 31 May 2018 08:28:53 UTC