webauthn-framework icon indicating copy to clipboard operation
webauthn-framework copied to clipboard

Published 20 hours ago verified publisher icon web-auth

Support WebAuthn Conditional Create (ignore isUserPresent/isUserVerified flags)

Open joostdebruijn opened this issue 6 months ago • 0 comments

Description

Currently, the library requires isUserPresent to be true during credential registration and assertion ceremonies and isUserVerified to be true when the options have USER_VERIFICATION_REQUIREMENT_REQUIRED set.

However, with Conditional Create, it is expected that both isUserPresent and isUserVerified may be false in the registration response. According to the Chrome and WebAuthn documentation, the server must ignore these flags when verifying credentials created via Conditional Create.

I can implement a custom CeremonyStepManager myself, but I would prefer to not do that and have the possibility to get one from the Factory configured for handling Conditional Create requests.

WebAuthn Conditional Create is described in the following resources:

Example

No response

joostdebruijn avatar May 25 '25 05:05 joostdebruijn