From ae4f1df76cdc6c51542c084cbbe7c3126530211e Mon Sep 17 00:00:00 2001
From: Manav Rathi
Date: Mon, 10 Jun 2024 14:17:23 +0530
Subject: [PATCH] Use the transport from the original credential
---
 web/apps/accounts/src/services/passkey.ts | 18 +-----------------
 web/docs/webauthn-passkeys.md | 5 +----
 2 files changed, 2 insertions(+), 21 deletions(-)
diff --git a/web/apps/accounts/src/services/passkey.ts b/web/apps/accounts/src/services/passkey.ts
index 522df6996b..40c83b33e8 100644
--- a/web/apps/accounts/src/services/passkey.ts
+++ b/web/apps/accounts/src/services/passkey.ts
@@ -413,26 +413,10 @@ export const beginPasskeyAuthentication = async (
 export const signChallenge = async (
 publicKey: PublicKeyCredentialRequestOptions,
 ) => {
- for (const listItem of publicKey.allowCredentials ?? []) {
- // From MDN:
- //
- // > The `transports` property is hint of the methods that the client
- // > could use to communicate with the relevant authenticator of the
- // > public key credential to retrieve. Possible values are ["ble",
- // > "hybrid", "internal", "nfc", "usb"].
- //
- // TODO-PK: Better document why + why not "hybrid"
- //
- // note: we are orverwriting the transports array with all possible values.
- // This is because the browser will only prompt the user for the transport that is available.
- // Warning: In case of invalid transport value, the webauthn will fail on Safari & iOS browsers
- listItem.transports = ["usb", "nfc", "ble", "internal"];
- }
-
 // Allow up to 60 seconds to wait for the retrieval
 publicKey.timeout = 60 * 1000;
 
- return await navigator.credentials.get({ publicKey });
+ return navigator.credentials.get({ publicKey });
 };
 
 interface FinishPasskeyAuthenticationOptions {
diff --git a/web/docs/webauthn-passkeys.md b/web/docs/webauthn-passkeys.md
index 19ea281419..5ca35ef76c 100644
--- a/web/docs/webauthn-passkeys.md
+++ b/web/docs/webauthn-passkeys.md
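Review bot: The deleted comment block in `signChallenge` was the only in-code record that an invalid `transports` value makes the WebAuthn call fail on Safari and iOS, and with the override gone the function hands whatever `allowCredentials[].transports` arrives in the request options straight to `navigator.credentials.get`. That constraint still applies, so I would keep a short comment above the timeout assignment, for example `// transports are used as supplied with each credential; Safari and iOS reject unknown values, so they must be validated where the options are produced`. Whether the options are validated before they reach this function is not visible in this hunk, so that is something to confirm rather than assume. The function also still mutates its `publicKey` argument when it sets `timeout`, which is worth stating in its doc comment (that comment, if present, sits above the hunk).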
@@ -71,10 +71,7 @@ The registration ceremony starts in the browser. When the user clicks the "Add
 new passkey" button, a request is sent to the server for "public key" creation
 options. Although named "public key" options, they actually define customizable
 parameters for the entire credential creation process. They're like an
-instructional sheet that defines exactly what we want. As of the creation of
-this document, the plan is to restrict user authenticators to cross-platform
-ones, like hardware keys. Platform authenticators, such as TPM, are not portable
-and are prone to loss.
+instructional sheet that defines exactly what we want.
 
 On the server side, the WebAuthn library generates this information based on
 data provided from a `webauthn.User` interface. As a result, we satisfy this