Firstyear

This was implemented as part of the cryptographic pr that we recently merged.

Can you reproduce on https://webauthn.firstyear.id.au/

Also please try https://webauthn.io/?regUserVerification=preferred&attestation=none&attachment=all&algES256=true&algRS256=true&discoverableCredential=discouraged&authUserVerification=preferred Note that I have pre-configured that link to not damage your keys.

There are some minor fixes to webauthn flows in webauthn-rs since the release. I have updated the maintenance branch and I am preparing updated containers now. I'll let you know...

All good. The fact that it works on webauthn.fy.id.au is already enough info - that's running the "latest" webauthn-rs code, where kanidm on the stable channel is missing a few...

Passkeys are "self contained multifactor authentication". Keeper should be asking you for user verification each time to proceed.

Unrelated, but if you use yubikeys, you should be aware of https://fy.blackhats.net.au/blog/2023-02-02-how-hype-will-turn-your-security-key-into-junk/ Kanidm does the right thing here, but other sites dont so watch out. This is why I pre-set...

Can you confirm your rp-id and origins are correct? Should be the domain name and origin values in the server.toml. I'm looking at the code and both are calling the...

Okay, the origin stuff all sounds correct then. Browser shouldn't need anything different, provided you didn't click past any cert warnings. I'm going to investigate some more, the interaction with...

Yep, I didnt think it was CSP. It could be something about timeouts, because that's the only thing we changed lately that may be causing the issues here. But it's...