jeffemmett
/
rspace-online
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Merge branch 'dev'
CI/CD / deploy (push) Failing after 2m23s Details

This commit is contained in:
Jeff Emmett 2026-04-15 15:16:06 -04:00
parent f1f9e3b34d 03b1bdf2f1
commit e1aef83452
1 changed files with 4 additions and 6 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

10
src/encryptid/webauthn.ts
View File

@ -133,9 +133,6 @@ export async function registerPasskey(
throw new Error('WebAuthn is not supported in this browser');
}
// Check platform authenticator availability
const platformAvailable = await PublicKeyCredential.isUserVerifyingPlatformAuthenticatorAvailable();
// Generate user ID (random bytes, not PII)
const userId = crypto.getRandomValues(new Uint8Array(32));
@ -178,9 +175,10 @@ export async function registerPasskey(
// Require user verification (biometric/PIN)
userVerification: cfg.userVerification,
// Prefer platform authenticator, but allow cross-platform (security keys,
// phone-as-authenticator) on devices without one (e.g. Linux desktops)
...(platformAvailable ? { authenticatorAttachment: 'platform' as const } : {}),
// No authenticatorAttachment constraint — let the browser offer ALL options:
// platform (biometrics, PIN, Windows Hello), security keys, phone-as-authenticator.
// Previously forced 'platform' when available, which blocked cross-platform
// authenticators on Firefox and other browsers with limited platform UI.
},
// Don't request attestation (privacy)