Re: [webauthn] Return authentication method used for platform types (#1373)

I think I see the confusion; well, I got confused and had to read it a few times. The WebAuthn spec says:

> The authenticator sets the authenticator extension output to be one or more user verification methods indicating the method(s) used by the user to authorize the operation, as defined below. This extension can be added to attestation objects and assertions

There's also a link through to the FIDO registry for UVMs [https://fidoalliance.org/specs/fido-v2.0-id-20180227/fido-registry-v2.0-id-20180227.html#user-verification-methods]. Reading this could maybe be interpreted as: if the authenticator has the capability, set the flag.

> The USER_VERIFY constants are flags in a bitfield represented as a 32 bit long integer. They describe the methods and capabilities of an UAF authenticator for locally verifying a user. The operational details of these methods are opaque to the server. These constants are used in the authoritative metadata for an authenticator, reported and queried through the UAF Discovery APIs, and used to form authenticator policies in UAF protocol messages.

-- 
GitHub Notification of comment by gcbenjamin
Please view or discuss this issue at https://github.com/w3c/webauthn/issues/1373#issuecomment-587281522 using your GitHub account

Received on Tuesday, 18 February 2020 05:09:37 UTC
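
The two readings discussed in the comment above, shown as an added example that is not part of the original message or of either specification: the same USER_VERIFY bitfield decoded once as capability metadata and once as a uvm extension entry reporting the method used, followed by a relying-party check on the reported method. The function names, the policy check and the sample values are assumptions constructed for illustration; the flag values are those listed in the linked FIDO registry.

```javascript
// USER_VERIFY_* flag values as listed in the FIDO registry linked above.
const USER_VERIFY = {
  0x00000001: "PRESENCE", 0x00000002: "FINGERPRINT", 0x00000004: "PASSCODE",
  0x00000008: "VOICEPRINT", 0x00000010: "FACEPRINT", 0x00000020: "LOCATION",
  0x00000040: "EYEPRINT", 0x00000080: "PATTERN", 0x00000100: "HANDPRINT",
  0x00000200: "NONE", 0x00000400: "ALL",
};
const KNOWN_MASK = Object.keys(USER_VERIFY).reduce((m, v) => m | Number(v), 0);

// Expand a 32-bit USER_VERIFY bitfield into flag names; unknown bits are kept visible.
function flagNames(bits) {
  if (!Number.isInteger(bits) || bits < 0 || bits > 0xffffffff) {
    throw new RangeError("not a 32-bit unsigned integer");
  }
  const names = Object.entries(USER_VERIFY)
    .filter(([value]) => (bits & Number(value)) !== 0)
    .map(([, name]) => name);
  const unknown = (bits & ~KNOWN_MASK) >>> 0;
  if (unknown !== 0) names.push("UNKNOWN(0x" + unknown.toString(16) + ")");
  return names;
}

// uvm extension output: 1 to 3 entries of
// [userVerificationMethod, keyProtectionType, matcherProtectionType].
function decodeUvm(uvm) {
  if (!Array.isArray(uvm) || uvm.length < 1 || uvm.length > 3) {
    throw new TypeError("uvm must hold 1 to 3 entries");
  }
  return uvm.map((entry) => {
    if (!Array.isArray(entry) || entry.length !== 3) {
      throw new TypeError("uvm entry must have 3 fields");
    }
    return { methods: flagNames(entry[0]), keyProtection: entry[1], matcherProtection: entry[2] };
  });
}

// Hypothetical relying-party policy: every reported method must fall inside allowedMask.
function usedMethodsAllowed(uvm, allowedMask) {
  decodeUvm(uvm); // validates the shape, throws on malformed input
  return uvm.every(([method]) => method !== 0 && (method & ~allowedMask) === 0);
}

// Constructed sample values, not taken from a real authenticator.
const metadataCapabilities = 0x00000002 | 0x00000004; // what the device can do
const assertionUvm = [[0x00000004, 0x0002, 0x0004]];  // what was used this time
```

If an authenticator filled the uvm entry with its capability bits instead of the method used, the same policy check would reject a passcode-only policy here, which is the practical difference between the two readings.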