fix(auth): use direct attestation for registration/authentication (#1764)

mandarini · Bewinxed · web-flow · commit d1ba7d97c52a · 2025-11-07T19:32:14.000+02:00
Co-authored-by: Bewinxed &lt;bewinxed@gmail.com&gt;
diff --git a/packages/core/auth-js/src/lib/webauthn.ts b/packages/core/auth-js/src/lib/webauthn.ts
@@ -462,13 +462,14 @@ export const DEFAULT_CREATION_OPTIONS: Partial<PublicKeyCredentialCreationOption
     userVerification: 'preferred',
     residentKey: 'discouraged',
   },
-  attestation: 'none',
+  attestation: 'direct',
 }
 
 export const DEFAULT_REQUEST_OPTIONS: Partial<PublicKeyCredentialRequestOptionsFuture> = {
   /** set to preferred because older yubikeys don't have PIN/Biometric */
   userVerification: 'preferred',
   hints: ['security-key'],
+  attestation: 'direct',
 }
 
 function deepMerge<T>(...sources: Partial<T>[]): T {

Original file line number	Diff line number	Diff line change
`@@ -462,13 +462,14 @@ export const DEFAULT_CREATION_OPTIONS: Partial<PublicKeyCredentialCreationOption`
`462`	`462`	`userVerification: 'preferred',`
`463`	`463`	`residentKey: 'discouraged',`
`464`	`464`	`},`
`465`		`- attestation: 'none',`
	`465`	`+ attestation: 'direct',`
`466`	`466`	`}`
`467`	`467`
`468`	`468`	`export const DEFAULT_REQUEST_OPTIONS: Partial<PublicKeyCredentialRequestOptionsFuture> = {`
`469`	`469`	`/** set to preferred because older yubikeys don't have PIN/Biometric */`
`470`	`470`	`userVerification: 'preferred',`
`471`	`471`	`hints: ['security-key'],`
	`472`	`+ attestation: 'direct',`
`472`	`473`	`}`
`473`	`474`
`474`	`475`	`function deepMerge<T>(...sources: Partial<T>[]): T {`