Re: [webauthn] registration of EdDSA credentials without resident keys fails (#1437)

> If, in Chrome, you go to chrome://device-log and select “Debug” as the log level then you can see the underlying CTAP2 traffic to the security key. In this case, I'm guessing that there won't be any and that you've set a PIN on the security key. Since we can't create a credential over CTAP 2.0 without PINs, once one has been set, Chrome is falling back to the U2F protocol, which cannot handle anything but ECDSA.
> 

My keys have PIN enabled, but thanks: now I have put `userVerification: 'preferred'` for the registration part, I confirm the credentials created are using EdDSA, and then for the assertion for user login I maintain the `userVerification: 'discouraged'`. From a user experience standpoint, I think it would be better to allow for the use of EdDSA if available without requiring the PIN.

Thanks for your help

-- 
GitHub Notification of comment by nicocaille
Please view or discuss this issue at https://github.com/w3c/webauthn/issues/1437#issuecomment-640716450 using your GitHub account

Received on Monday, 8 June 2020 15:54:02 UTC
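
The configuration discussed in this thread, as an added example that is not part of the original comment or of the WebAuthn project: registration options that list EdDSA first with `userVerification: 'preferred'`, assertion options with `'discouraged'`, and a check of which algorithm the authenticator actually used, so a fallback to ECDSA is visible. The function names and the `rp`, `user` and `challenge` inputs are assumptions; `getPublicKeyAlgorithm()` is the WebAuthn Level 2 accessor on the attestation response.

```javascript
// COSE algorithm identifiers from the IANA COSE registry.
const COSE_ALG = { EdDSA: -8, ES256: -7 };

// Registration options: EdDSA preferred, ES256 accepted as fallback.
// challenge, rp and user are supplied by the caller (hypothetical inputs).
function buildRegistrationOptions({ challenge, rp, user }) {
  return {
    publicKey: {
      challenge,
      rp,
      user,
      pubKeyCredParams: [
        { type: 'public-key', alg: COSE_ALG.EdDSA },
        { type: 'public-key', alg: COSE_ALG.ES256 },
      ],
      authenticatorSelection: {
        requireResidentKey: false,      // non-resident credential, as in the issue title
        userVerification: 'preferred',  // setting the comment reports using for registration
      },
    },
  };
}

// Assertion options for login, keeping userVerification 'discouraged'.
function buildAssertionOptions({ challenge, credentialIds }) {
  return {
    publicKey: {
      challenge,
      userVerification: 'discouraged',
      allowCredentials: credentialIds.map((id) => ({ type: 'public-key', id })),
    },
  };
}

// Name the algorithm of the credential that was actually created.
function negotiatedAlgorithm(credential) {
  const alg = credential.response.getPublicKeyAlgorithm();
  const name = Object.keys(COSE_ALG).find((k) => COSE_ALG[k] === alg);
  return name || `unknown(${alg})`;
}

// Browser usage (not executed here):
//   const cred = await navigator.credentials.create(buildRegistrationOptions({...}));
//   if (negotiatedAlgorithm(cred) !== 'EdDSA') { /* record that ES256 was used */ }
```

Recording the negotiated algorithm at registration time lets a relying party see how many credentials ended up as ES256 rather than EdDSA.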