Introduction
Web authentication through local device authentication like Android Touch ID, Windows Hello Face recognition or just a loca...
For further actions, you may consider blocking this person and/or reporting abuse
So, is this useful for anyone?
Hi Arnoud, I'm using your library for the second authentication factor in a web solution.
The integration of WebAuthn development and testing into our solution, but I am having difficulty restricting the authentication method. I would need to restrict the method to Biometrics only.
In my research, I found that there are WebAuthn extensions, such as "UVM" that handle this. However, I didn't find anything related to the use of these extension methods in your library.
Can you help me if this functionality is expected, if there is any way to use it together with your library, or if I should use another library to be able to manipulate these extensions.
I really liked your work because it has excellent and detailed documentation, congratulations on that. Thanks..
While there are extensions like you mentioned, I don't really recommend it. The first reason is that it constraints the user into specific authentication methods that the user may dislike. For example, with a laptop without sensors having only PIN or a phone with swipe pattern because the user prefers it that way. The other issue is that it's 'extensions', as such the support is optional and I also believe is not included as part of the signed assertion... Although I'm uncertain regarding this last statement.
It's not supported by the lib. A PR for this feature and some experimentation is welcome, but not really my priority right now.