You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
// 14. Verify that the UP bit of the flags in authData is set.
// Todo: Conformance testing verifies the UVP flags differently than W3C spec, simplify this by removing the mention of conformanceTesting when conformance tools are updated)
if(!authData.UserPresent &&!conformanceTesting)
Expand All
@@ -136,7 +136,7 @@ public async Task<VerifyAssertionResult> VerifyAsync(
// 15. If the Relying Party requires user verification for this assertion, verify that the UV bit of the flags in authData is set.
if(options.UserVerification is UserVerificationRequirement.Required &&!authData.UserVerified)
// 16. If the credential backup state is used as part of Relying Party business logic or policy, let currentBe and currentBs be the values of the BE and BS bits, respectively, of the flags in authData.
// Compare currentBe and currentBs with credentialRecord.BE and credentialRecord.BS and apply Relying Party policy, if any.
if(authData.IsBackupEligible && config.BackupEligibleCredentialPolicy is Fido2Configuration.CredentialBackupPolicy.Disallowed ||
