Clarify AuthenticatorSelection.RequireResidentKey vs ResidentKey #89

hochhaus · 2022-12-29T19:28:19Z

hochhaus
Dec 29, 2022

Is anyone able to clarify the difference between AuthenticatorSelection.RequireResidentKey and AuthenticatorSelection.ResidentKey?

Docs: https://pkg.go.dev/github.com/go-webauthn/webauthn@v0.6.0/protocol#AuthenticatorSelection

Commit: d973582

Answered by james-d-elliott

Dec 30, 2022

See the spec here: https://www.w3.org/TR/webauthn-2/#dictdef-authenticatorselectioncriteria

Both are valid, however requireResidentKey is a webauthn level 1 compatibility layer. Basically you should use residentKey unless you KNOW the browser only supports spec level 1.

View full answer

james-d-elliott · 2022-12-30T00:29:56Z

james-d-elliott
Dec 30, 2022
Maintainer

See the spec here: https://www.w3.org/TR/webauthn-2/#dictdef-authenticatorselectioncriteria

Both are valid, however requireResidentKey is a webauthn level 1 compatibility layer. Basically you should use residentKey unless you KNOW the browser only supports spec level 1.

1 reply

hochhaus Dec 30, 2022
Author

Thanks @james-d-elliott. Your link to the spec clarifies it perfectly.

requireResidentKey ... Relying Parties SHOULD set it to true if, and only if, residentKey is set to required.

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Clarify AuthenticatorSelection.RequireResidentKey vs ResidentKey #89

{{title}}

Replies: 1 comment 1 reply

{{title}}

{{title}}

Select a reply

Clarify AuthenticatorSelection.RequireResidentKey vs ResidentKey #89

hochhaus Dec 29, 2022

Replies: 1 comment · 1 reply

james-d-elliott Dec 30, 2022 Maintainer

hochhaus Dec 30, 2022 Author

hochhaus
Dec 29, 2022

Replies: 1 comment 1 reply

james-d-elliott
Dec 30, 2022
Maintainer

hochhaus Dec 30, 2022
Author