Change attestation in PublicKeyCredentialCreationOptions to none
The attestation option in PublicKeyCredentialCreationOptions is a
parameter that controls whether to request attestation from the security key.
However, Spring Security Passkeys currently doesn't implement attestation verification.
Therefore, requesting attestation is unnecessary.
Specifying `direct` to request attestation may trigger browsers to
display an additional privacy-related dialog to users, so it is best to
avoid specifying `direct` unnecessarily.
ynojima authored and rwinch committed Dec 11, 2024
1 parent 99cc65d commit d7d5253
Showing 4 changed files with 4 additions and 4 deletions.
Expand Up @@ -183,7 +183,7 @@ public PublicKeyCredentialCreationOptions createPublicKeyCredentialCreationOptio
List<CredentialRecord> credentialRecords = this.userCredentials.findByUserId(userEntity.getId());

PublicKeyCredentialCreationOptions options = PublicKeyCredentialCreationOptions.builder()
.attestation(AttestationConveyancePreference.DIRECT)
.attestation(AttestationConveyancePreference.NONE)
.pubKeyCredParams(PublicKeyCredentialParameters.EdDSA, PublicKeyCredentialParameters.ES256,
PublicKeyCredentialParameters.RS256)
.authenticatorSelection(authenticatorSelection)
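
Review bot: the `.attestation(AttestationConveyancePreference.NONE)` line in the builder chain of `createPublicKeyCredentialCreationOptions` has no comment saying why `NONE` is the right value. The commit message gives the reason (attestation is not verified, and `direct` can bring up an extra privacy dialog in browsers), but someone reading only the code does not see it. A short comment at that line, saying the preference should move back to `DIRECT` only together with attestation verification, would keep the two from being changed separately.
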
Expand Up @@ -40,7 +40,7 @@ public static PublicKeyCredentialCreationOptions.PublicKeyCredentialCreationOpti
ImmutableAuthenticationExtensionsClientInputs clientInputs = new ImmutableAuthenticationExtensionsClientInputs(
ImmutableAuthenticationExtensionsClientInput.credProps);
return PublicKeyCredentialCreationOptions.builder()
.attestation(AttestationConveyancePreference.DIRECT)
.attestation(AttestationConveyancePreference.NONE)
.user(userEntity)
.pubKeyCredParams(PublicKeyCredentialParameters.EdDSA, PublicKeyCredentialParameters.ES256,
PublicKeyCredentialParameters.RS256)
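
Review bot: the `.attestation(AttestationConveyancePreference.NONE)` literal in this static builder method is a second hardcoded copy of the preference, and nothing in the visible lines ties it to the value set in `createPublicKeyCredentialCreationOptions`. If the default changes again, this copy has to be found and updated by hand. Noting next to it that it mirrors the default would make the dependency clear.
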
Expand Up @@ -149,7 +149,7 @@ void readAuthenticationExtensionsClientOutputsWhenFieldAfter() throws Exception
void writePublicKeyCredentialCreationOptions() throws Exception {
String expected = """
{
"attestation": "direct",
"attestation": "none",
"authenticatorSelection": {
"residentKey": "required"
},
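
Review bot: with `"attestation": "none"` in the expected JSON, `writePublicKeyCredentialCreationOptions` checks how only the `none` value is written. `AttestationConveyancePreference.DIRECT` is still part of the API after this commit, so if no other test covers its serialization, a small extra case expecting `"direct"` would keep that mapping tested.
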
Expand Up @@ -153,7 +153,7 @@ void doFilterWhenNoCredentials() throws Exception {
"residentKey": "required",
"userVerification": "preferred"
},
"attestation": "direct",
"attestation": "none",
"extensions": {
"credProps": true
}
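
Review bot: the switch from `"direct"` to `"none"` in the expected response body of `doFilterWhenNoCredentials` is a change clients can observe, and none of the four changed files documents it. A line in the reference documentation or release notes stating that registration options now request no attestation would cover anyone who relied on the previous value.
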