Windows ignoring attachment & setting transport incorrectly
191 views
Skip to first unread message
Tomás Silva
Mar 5, 2026, 2:59:05 AMMar 5
to FIDO Dev (fido-dev)
Hello everyone,
I'm facing a couple of issues while creating & using passkeys in Windows. I'm wondering if anyone has also encountered something similar and has any tips or insights I could use.
Issue 1 (attachment being ignored):
When sending the options to the authenticator I'm specifically setting the attachment as "platform" due to an internal requirement:
....
"timeout": 180000,"excludeCredentials": [],"authenticatorSelection": { "authenticatorAttachment": "platform", "requireResidentKey": true, "userVerification": "required", "residentKey": null},"attestation": "direct","extensions": {.....
Nonetheless, in Windows specifically, I'm getting a cross-platform behavior. It offers the option to create a passkey using a roaming authenticator. This does not happen in macOS systems.
Is this a known issue or expected behavior? Is there a known way to enforce the attachment sent?
Issue 2 (transport set incorrectly):
Another issue I'm facing, is the transport being returned after creating the passkey with a roaming authenticator. After creating the passkey, the publicKey returned has an "internal" transport, instead of a "hybrid" transport.Is it not the expected behavior to return the transport array with "hybrid" when using a roaming authenticator? I'm aware the mobile phone (i.e.) will send its transport as "internal", but shouldn't the paired browser push the "hybrid" transport when using a cross-platform authenticator?
Here is an extracted response from the authenticator creation with a roaming passkey:
{
...
"publicKeyCredentials": { "id": "3Kv-VKnJeAX9ORq4OR59ww", "type": "public-key", "response": { "clientDataJSON": REDACTED, "attestationObject": REDACTED,
"transports": [ "internal" ] }, ...
Thank you for your attention!
"publicKeyCredentials": { "id": "3Kv-VKnJeAX9ORq4OR59ww", "type": "public-key", "response": { "clientDataJSON": REDACTED, "attestationObject": REDACTED,
"transports": [ "internal" ] }, ...
Thank you for your attention!
Oracle X
Mar 13, 2026, 9:00:10 AM (13 days ago) Mar 13
to Tomás Silva, FIDO Dev (fido-dev)
Hey sorry for late reply
How can I help you out with this ?
On Thu, Mar 5, 2026, 10:35 AM Tomás Silva <tbms...@gmail.com> wrote:
Hello everyone,I'm facing a couple of issues while creating & using passkeys in Windows. I'm wondering if anyone has also encountered something similar and has any tips or insights I could use.Issue 1 (attachment being ignored):When sending the options to the authenticator I'm specifically setting the attachment as "platform" due to an internal requirement:....
"timeout": 180000,"excludeCredentials": [],"authenticatorSelection": { "authenticatorAttachment": "platform", "requireResidentKey": true, "userVerification": "required", "residentKey": null},"attestation": "direct","extensions"<span style="color-scheme: unset; ruby-position: unset; writing-mode: unset; display: unset; font-family: unset; font-feature-settings: unset; font-kerning: unset; font-optical-sizing: unset; font-palette: unset; font-size: unset; font-size-adjust: unset; font-style: unset; font-synthesis-small-caps: unset; font-synthesis-style: unset; font-synthesis-weight: unset; font-variant-alternates: unset; font-variant-caps: unset; font-variant-east-asian: unset; font-variant-ligatures: unset; font-variant-numeric: unset; font-variant-position: unset; font-variation-settings: unset; font-width: unset; text-orientation: unset; text-rendering: unset; zoom: unset; letter-spacing: unset; text-autospace: unset; word-spacing: unset; background-image: unset; background-position: unset; background-size: unset; background-repeat: unset; background-attachment: unset; background-origin: unset; background-clip: unset; mask-clip: unset; mask-border: unset; accent-color: unset; place-content: unset; place-items: unset; place-self: unset; alignment-baseline: unset; anchor-name: unset; anchor-scope: unset; animation-composition: unset; animation: unset; appearance: unset; aspect-ratio: unset; backdrop-filter: unset; backface-visibility: unset; background-blend-mode: unset; baseline-shift: unset;
Tomás Silva
Mar 13, 2026, 9:24:00 AM (13 days ago) Mar 13
to FIDO Dev (fido-dev), Oracle X, FIDO Dev (fido-dev), Tomás Silva
Hey,
As a quick update, you can disregard "issue 2" as it was a wrong implementation on my end.
Regarding issue 1, the problem persists, is there any way to "force" windows to only offer "platform"-based authenticator registration methods?
I've messed around with client hints and attachment but Windows seems to always present all options, including "cross-platform" ones.
Thanks.
DAMILOLA OLANREWAJU
Mar 16, 2026, 5:51:21 AM (10 days ago) Mar 16
to Tomás Silva, FIDO Dev (fido-dev), Oracle X
Created passkeys can easily lost and mixed because of many way it comes developer way when developing because development is the way to go to make passkeys
--
You received this message because you are subscribed to the Google Groups "FIDO Dev (fido-dev)" group.
To unsubscribe from this group and stop receiving emails from it, send an email to fido-dev+u...@fidoalliance.org.
To view this discussion visit https://groups.google.com/a/fidoalliance.org/d/msgid/fido-dev/4eb46995-bca3-487b-b30f-372c2a9a286fn%40fidoalliance.org.
Reply all
Reply to author
Forward
0 new messages