NFC user present flag implementation


Praveen PPT

Jun 25, 2024, 10:54:07 AM
to FIDO Dev (fido-dev)
With respect to the NFC user present flag, https://fidoalliance.org/specs/fido-v2.1-ps-20210615/fido-client-to-authenticator-protocol-v2.1-ps-errata-20220621.html#sctn-terminology

Step 1.2 says “If the NFC userPresent flag's value is true, then consider the user as having granted permission, and set the NFC userPresent flag to false.”

Here in our implementation we are clearing the userPresent flag on the first usage by any command needing user presence, and hence if one sends any command requiring user presence in the same session, we fail it, as the flag is reset on first use. This will require the card to be reset (taken out of the field and placed back). Is this implementation correct, or does the userPresent flag have to be persisted for the current session even after the usage?

Adam Langley

Jun 25, 2024, 2:48:42 PM
to FIDO Dev (fido-dev), Praveen PPT
That sounds correct, although I don't have a lot of experience with how other NFC authenticators have implemented that.

Rather than failing the request you could validly hang the request, I believe. Essentially waiting for the user to remove and replace the authenticator in the reader field, whereupon the platform will resend the request.


Cheers

AGL
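
The consume-on-first-use behaviour discussed in this thread, modelled as a small C state machine (an added example, not code from either poster or from the FIDO specification). The type and function names, the result codes and the two policies are hypothetical; re-arming the flag on field entry follows the description in the first post.

```c
#include <stdbool.h>
#include <stdio.h>

/* Hypothetical result codes for this sketch; they are not CTAP status bytes. */
enum up_result { UP_GRANTED, UP_DENIED, UP_WAITING };
/* What to do once the flag has been consumed: fail, or hang until a re-tap. */
enum up_policy { FAIL_WHEN_CLEARED, WAIT_WHEN_CLEARED };

struct nfc_authenticator {
    bool user_present;      /* the NFC userPresent flag */
    enum up_policy policy;
};

/* Card placed in the reader field: per the thread, this re-arms the flag. */
void field_enter(struct nfc_authenticator *a) { a->user_present = true; }

/* Card removed: in this sketch the flag does not survive removal. */
void field_leave(struct nfc_authenticator *a) { a->user_present = false; }

/* Step 1.2 as quoted: a true flag grants permission and is set to false. */
enum up_result consume_user_presence(struct nfc_authenticator *a) {
    if (a->user_present) {
        a->user_present = false;   /* one tap covers one operation */
        return UP_GRANTED;
    }
    return a->policy == WAIT_WHEN_CLEARED ? UP_WAITING : UP_DENIED;
}

/* Only commands that need user presence touch the flag. */
enum up_result handle_command(struct nfc_authenticator *a, bool needs_up) {
    return needs_up ? consume_user_presence(a) : UP_GRANTED;
}

/* Count how many of n user-presence commands succeed within a single tap. */
int grants_per_tap(enum up_policy policy, int n) {
    struct nfc_authenticator card = { false, policy };
    int granted = 0;
    field_enter(&card);
    for (int i = 0; i < n; i++)
        granted += (handle_command(&card, true) == UP_GRANTED);
    return granted;
}

int main(void) {
    printf("grants in one tap (fail policy): %d\n", grants_per_tap(FAIL_WHEN_CLEARED, 3));
    printf("grants in one tap (wait policy): %d\n", grants_per_tap(WAIT_WHEN_CLEARED, 3));
    return 0;
}
```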