Re: [webauthn] Which "pubKeyCredParams" to use? (#1757)

For developers: **tl;dr** use -7 (ES256)

I did some research on Windows Hello (22H2), Apple Passkey (iOS 16.2 (20B82)), and Android Passkey (Chrome Canary 110.0.5428.0, Android 11 RSR1.201211.001, GMS 22.44.17 (150800-488410709)).
**On Windows** (`authenticatorAttachment: 'platform'`): -257 (RS256) and -7 (ES256) are supported. If you specify an unsupported algorithm, you will get `DOMException: The operation either timed out or was not allowed. See: https://www.w3.org/TR/webauthn-2/#sctn-privacy-considerations-client.` on Chrome and `DOMException: The operation failed for an unknown transient reason` on Firefox.
**On iOS**: -7 (ES256) is supported. Passkey will prompt "can not finish this operation" after you finish biometrics verification.
**On Android**: -7 (ES256) is supported. ``DOMException: None of the algorithms specified in `pubKeyCredParams` are supported by this device.``

For hardware keys (tested with a YubiKey 5C, FIDO2 PIN is set, firmware 5.4.3):
**On Windows**: If you leave `authenticatorAttachment` at its default with an unsupported algorithm, Windows Hello will directly ask for a hardware key. If an algorithm unsupported by the key is specified, an error message flashes once quickly, then it returns to asking for the key's PIN (loop).
**On iOS** (via NFC): If an algorithm unsupported by the key is specified, you will be stuck at "insert your key". No indication or prompt.
**On Android**: You won't see any interface if you specify an algorithm unsupported on Android, even if `authenticatorAttachment` is set to `cross-platform`. So I can't continue testing because I don't have a hardware key that doesn't support -7 (ES256).

-- 
GitHub Notification of comment by WordlessEcho
Please view or discuss this issue at https://github.com/w3c/webauthn/issues/1757#issuecomment-1321162774 using your GitHub account


-- 
Sent via github-notify-ml as configured in https://github.com/w3c/github-notify-ml-config

Received on Sunday, 20 November 2022 15:36:31 UTC
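
The findings in the comment above, applied to a registration call. This is an added example, not code from the comment or from the WebAuthn project: it offers -7 (ES256) first with -257 (RS256) as a fallback, records the failure name and message instead of assuming one error shape, and rejects a credential whose algorithm was not offered. The function names, the "must include -7" policy and the result object are assumptions; `container` stands for `navigator.credentials` in a browser.

```javascript
// Added example. COSE algorithm ids are the two named in the comment.
const ES256 = -7;
const RS256 = -257;

// Build pubKeyCredParams in preference order (first entry is most preferred).
// Policy assumed here: the list must contain -7, the only algorithm the
// comment found supported on all tested platforms.
function buildPubKeyCredParams(algs = [ES256, RS256]) {
  const seen = new Set();
  const params = [];
  for (const alg of algs) {
    if (!Number.isInteger(alg)) throw new TypeError(`bad COSE alg: ${alg}`);
    if (seen.has(alg)) continue; // drop duplicates, keep first position
    seen.add(alg);
    params.push({ type: "public-key", alg });
  }
  if (!seen.has(ES256)) throw new Error("pubKeyCredParams must include -7 (ES256)");
  return params;
}

// `base` carries rp, user, challenge, etc. (supplied by the caller).
async function register(container, base, algs) {
  const pubKeyCredParams = buildPubKeyCredParams(algs);
  const offered = pubKeyCredParams.map((p) => p.alg);
  let cred;
  try {
    cred = await container.create({ publicKey: { ...base, pubKeyCredParams } });
  } catch (err) {
    // Platforms report an unsupported algorithm differently, so keep both
    // the exception name and message for logging and support.
    return { ok: false, error: err.name, message: err.message };
  }
  if (!cred) return { ok: false, error: "NoCredential", message: "create() returned null" };
  // getPublicKeyAlgorithm() is defined on AuthenticatorAttestationResponse.
  const alg = cred.response.getPublicKeyAlgorithm();
  if (!offered.includes(alg)) {
    return { ok: false, error: "UnexpectedAlgorithm", message: `got ${alg}, offered ${offered}` };
  }
  return { ok: true, alg, credential: cred };
}
```

The server must still verify the algorithm in the attested credential public key against the list it issued; the client-side check only catches the mismatch early.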