Description
I am using the DEMO or _test client.html and server.php as the base for trying to get this working...
However, neither the demo at https://webauthn.lubu.ch/_test/client.html nor my local clone of it works.
The JS runs, the PHP once configured tries to, but when you click new registration with the default setting, when it gets to
const cred = await navigator.credentials.create(createArgs);
in
async function createRegistration() {}
it fails.
Trying to test with Chrome and do the "continue" to save to device to proof set up...
The createArgs being passed is
{
    "publicKey": {
        "rp": {
            "name": "WebAuthn Library",
            "id": "dev01.menumavin.com"
        },
        "authenticatorSelection": {
            "userVerification": "discouraged"
        },
        "user": {
            "id": {},
            "name": "demo",
            "displayName": "Demo Demolin"
        },
        "pubKeyCredParams": [
            {
                "type": "public-key",
                "alg": -8
            },
            {
                "type": "public-key",
                "alg": -7
            },
            {
                "type": "public-key",
                "alg": -257
            }
        ],
        "attestation": "direct",
        "extensions": {
            "exts": true
        },
        "timeout": 240000,
        "challenge": {},
        "excludeCredentials": []
    }
}
Clearly, these publicKey settings do not work, so do we know which ones do?
While we ultimately need to test with Apple iCloud and Google Profile, we do not want to do the debug fake users proof in those. Any help with what settings are needed to allow this not to be what looks like blocked by the browser would be of help...
All this produces with these default values is a timeout trying to do the navigator.credentials.create. What setting will work?
The ERROR is
createRegistration() ERROR:  NotAllowedError: The operation either timed out or was not allowed. See: https://www.w3.org/TR/webauthn-2/#sctn-privacy-considerations-client.
I am not seeing what leak case is being triggered... any ideas which?
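
JSON.stringify prints an ArrayBuffer as {}, so a dump like the one in the post cannot show whether user.id and challenge were populated. The following is an added example, not part of the original post or of the library: a pre-flight check that prints createArgs with readable binary fields and lists structural problems before navigator.credentials.create is called. The function names, the sample byte values and the "localhost" host are assumptions made for illustration.

```javascript
// Added example, not code from the library's client.html; all names are illustrative.
const isBufferSource = (v) => v instanceof ArrayBuffer || ArrayBuffer.isView(v);

// JSON.stringify prints an ArrayBuffer as {}; show its byte length instead.
function dumpCreateArgs(createArgs) {
  return JSON.stringify(createArgs, (key, v) =>
    isBufferSource(v) ? `<${v.byteLength} bytes>` : v, 2);
}

// rp.id must equal the page host or be a parent domain of it. Simplification:
// the public-suffix rule that browsers also enforce is not modelled here.
const rpIdMatchesHost = (rpId, host) => host === rpId || host.endsWith("." + rpId);

// Returns a list of structural problems; an empty list means none were found.
function checkCreateArgs(createArgs, host, secureContext) {
  const pk = createArgs && createArgs.publicKey;
  if (!pk) return ["publicKey member is missing"];
  const problems = [];
  if (!secureContext) problems.push("page is not a secure context");
  if (pk.rp && pk.rp.id !== undefined && !rpIdMatchesHost(pk.rp.id, host))
    problems.push(`rp.id ${pk.rp.id} does not match host ${host}`);
  if (!isBufferSource(pk.challenge)) problems.push("challenge is not binary");
  else if (pk.challenge.byteLength < 16) problems.push("challenge is under 16 bytes");
  const uid = pk.user && pk.user.id;
  if (!isBufferSource(uid)) problems.push("user.id is not binary");
  else if (uid.byteLength < 1 || uid.byteLength > 64) problems.push("user.id is not 1 to 64 bytes");
  for (const c of pk.excludeCredentials || [])
    if (!isBufferSource(c.id)) problems.push("excludeCredentials id is not binary");
  return problems;
}

// Constructed sample shaped like the createArgs in the post; the byte values are
// placeholders (a real challenge is random bytes issued by the server).
const sample = {
  publicKey: {
    rp: { name: "WebAuthn Library", id: "dev01.menumavin.com" },
    authenticatorSelection: { userVerification: "discouraged" },
    user: { id: new Uint8Array(8).fill(1).buffer, name: "demo", displayName: "Demo Demolin" },
    pubKeyCredParams: [-8, -7, -257].map((alg) => ({ type: "public-key", alg })),
    attestation: "direct", timeout: 240000,
    challenge: new Uint8Array(32).fill(7).buffer,
    excludeCredentials: [],
  },
};
// A copy whose binary fields were lost in a JSON round trip, checked from another host.
const broken = JSON.parse(JSON.stringify(sample));
console.log(dumpCreateArgs(sample));
console.log(checkCreateArgs(broken, "localhost", true));
```

In a page, the same check would be called as checkCreateArgs(createArgs, location.hostname, window.isSecureContext) just before the create call.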