There's a few things wrong with your post off the cuff: if isuvpaa() returns false you can still use webauthn (with e.g. a phone through scanning the qr code), it just means there's no built in authenticator. - ThreadSky

About ThreadSky

satragno.bsky.social • 23 days ago

There's a few things wrong with your post off the cuff: if isuvpaa() returns false you can still use webauthn (with e.g. a phone through scanning the qr code), it just means there's no built in authenticator.

Comments

v2t.dev•23 days ago

good point, yeah this is not clear, I will rephrase this part, to clear that up - let me know if you find other things I need to correct?

satragno.bsky.social•23 days ago

Also devtools does support multiple authenticators. The error you're showing happens because you stored the passkey in one authenticator, then set a different one as active.

I do wonder if we should add an option that corrupts signatures to the virtual authenticator...

v2t.dev•23 days ago

Yeah, this is not clear in the post, I meant "only one authenticator can be active at once" is that correct ?

RE: corrupt signature: that'd be a great addition, is there a way of doing it with the CDP? Not sur I got this part really.

satragno.bsky.social•23 days ago

There is WebAuthn.setResponseOverrideBits but we never surfaced that on the devtools UI

satragno.bsky.social•23 days ago

https://chromedevtools.github.io/devtools-protocol/tot/WebAuthn/#method-setResponseOverrideBits

Posting Rules

Be respectful to others
No spam or self-promotion
Stay on topic
Follow Bluesky's terms of service

Comments

Posting Rules

Reply