Create discoverable credentials without PIN verification
66 views
Skip to first unread message
Praveen PPT
Jun 25, 2024, 10:54:07 AM6/25/24
to FIDO Dev (fido-dev)
Can we
create discoverable credentials without doing PINAuth Verification if
client pin is false (Client PIN supported but PIN not set). This is coming
from Step 7 and 8 of MakeCredhttps://fidoalliance.org/specs/fido-v2.1-ps-20210615/fido-client-to-authenticator-protocol-v2.1-ps-errata-20220621.html#authenticatorMakeCredential
Adam Langley
Jun 25, 2024, 2:46:20 PM6/25/24
to FIDO Dev (fido-dev), Praveen PPT
On Tuesday, June 25, 2024 at 7:54:07 AM UTC-7 Praveen PPT wrote:
Can we create discoverable credentials without doing PINAuth Verification if client pin is false (Client PIN supported but PIN not set). This is coming from Step 7 and 8 of MakeCredhttps://fidoalliance.org/specs/fido-v2.1-ps-20210615/fido-client-to-authenticator-protocol-v2.1-ps-errata-20220621.html#authenticatorMakeCredential
You should probably use a more recent version of the spec, either from GitHub or at least https://fidoalliance.org/specs/fido-v2.2-rd-20230321/fido-client-to-authenticator-protocol-v2.2-rd-20230321.html#authenticatorMakeCredential
From the latter, step 7 is fairly clear that discoverable credentials cannot be created without UV once UV is set up. But before it's set up, I believe you can create them without UV. However, I don't think Chromium-based browsers will make such requests in any case.
Cheers
AGL
Praveen PPT
Jul 11, 2024, 1:01:21 AM7/11/24
to FIDO Dev (fido-dev), Adam Langley, Praveen PPT
Thank you Adam :)
Kind Regards,
Praveen P T
Reply all
Reply to author
Forward
0 new messages