feat: require discoverable credentials and prefer user verification in WebAuthnService

This commit is contained in:
Johan Lundberg 2026-02-17 13:18:46 +01:00
parent 8aebd04d2a
commit 2ffe968342
No known key found for this signature in database
GPG key ID: A6C152738D03C7D1
2 changed files with 44 additions and 1 deletions

View file

@ -10,6 +10,8 @@ from fido2.webauthn import (
PublicKeyCredentialRpEntity,
PublicKeyCredentialUserEntity,
RegistrationResponse,
ResidentKeyRequirement,
UserVerificationRequirement,
)
@ -36,6 +38,8 @@ class WebAuthnService:
options, state = self._server.register_begin(
user=user,
credentials=existing_credentials,
resident_key_requirement=ResidentKeyRequirement.REQUIRED,
user_verification=UserVerificationRequirement.PREFERRED,
)
return dict(options), state
@ -58,7 +62,10 @@ class WebAuthnService:
Returns (options_dict, state_dict).
"""
options, state = self._server.authenticate_begin(credentials=credentials)
options, state = self._server.authenticate_begin(
credentials=credentials,
user_verification=UserVerificationRequirement.PREFERRED,
)
return dict(options), state
def complete_authentication(