webauthn.io icon indicating copy to clipboard operation
webauthn.io copied to clipboard

Published 20 hours ago verified publisher icon duo-labs

getAssertion does not use advanced settings

Open dschuermann opened this issue 4 years ago • 1 comments

In our tests, makeCredential seems to pick up the advanced settings correctly, i.e. selecting "user verification" as "discouraged" works.

But getAssertion seems not to use the advanced settings. At least "user verification" is not picked up. Instead, the Browser default is used.

I haven't verified this in your code.

https://webauthntest.azurewebsites.net/ does pick up "user verification" for getAssertion correctly.

dschuermann avatar May 20 '20 12:05 dschuermann

I can confirm I experience a similar problem with "User Verification" set to "Required". "Login" is successful even on user agents that do not prompt for a PIN (Chrome for Android), which makes me think it's actually using "Preferred".

gtbuchanan avatar Sep 25 '20 19:09 gtbuchanan

This was indeed an issue with the older version of the site. It's been addressed with the release of v2 of the site (#58).

MasterKale avatar Sep 26 '22 20:09 MasterKale