How to distinguish FIDO2 devices
I want to distinguish the authentication device in webauthn.
I want to know if that is possible and how I can do it if possible.
Unfortunately there's no simple WebAuthn API function you can call to say, "give me the name of available authenticators". The WebAuthn API was intentionally designed to make it difficult to determine specific makes and models of authenticators in the name of greater user privacy.
The only reliable way to determine an authenticator's make and model is to request direct attestation during registration, and then cross-reference the aaguid you get back with a list you've collected and maintain yourself, or through something like the Fido Alliance Metadata Service.
Note: If you don't request
"direct"attestation you're likely to get back an obscuredaaguid:
For platform authenticators specifically you can try creating "heuristics", based on things like browser screen dimensions and User Agent analysis, that try to reliably determine whether system-level authenticators like Touch ID or Windows Hello are available. After a user successfully registers a credential with your site you'd want to store the results of your heuristics analysis with the credential to provide UX hints later during authentication (e.g. "we determined the user registered a Windows Hello credential, so show them 'Enter your Hello PIN to continue' UI during authentication.")
- How to detect if the browser has support for webauthn
- What are the allowed RP IDs for the Public Key Credential create() and get()
- navigator.credentials is null on local server
- WebAuthn API not returning expected challenge token
- How to implement Passkeys
- How to remove WebAuthn credentials on Chrome MacOS?
- Webauthn - allowCredentials and credential selection
- Webauthn - How to validate/verify returned registration auth data using React + Node.js
- Is Chrome ignoring WebAuthentication "userVerification" setting?
- Webauthn: ReferenceError: Can't find variable: PublicKeyCredential
- Using IP address as relying party ID in passkey
- WebAuthn exclude pin from options
- How to distinguish FIDO2 devices
- Is it allowed to use an IPv4 as rp_id in webauthn credential creation options?
- How to properly extract public key from attestationObject?
- WebAuthn: Can't create public key. Promise is rejected
- Android Chrome Skip "Use saved passkey" screen
- WebAuthn: Is it possible to filter passkey authenticators?
- WebAuthn: Does navigator.credentials.create() work from localhost to another (sub)domain?
- Can a chrome extension directly initiate the (chrome) WebAuthn / PassKey dialogue?
- How to set algorithms for PublicKeyCredentialCreationOptions webauthn-lib 4.7?
- android-safetynet attestation replacement in webauthn after deprecation
- Handling user cancellation when creating credentials with WebAuthn API
- WebAuthn: Is it possible to get public key from credentials.get
- Is it safe to use WebAuthN's credential ID?
- Unexpected RP ID hash when registering a passkey in an iOS app
- WebAuthn conditional UI doesn't show up on Chrome
- How can I bypass Windows Hello when building a webauthn integration?
- Does WebAuthn support finding out where passkeys are stored?
- In WebAuthn, is it possible for two different authenticators to store the same credential ID?