From 0695cbf64c50be32aeb8962dcc290cdb374242f7 Mon Sep 17 00:00:00 2001 From: str0k3 Date: Tue, 15 Oct 2024 12:23:53 +0200 Subject: [PATCH 1/2] Add missing words --- pages/webauthn.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/pages/webauthn.md b/pages/webauthn.md index 31e2400..a49480f 100644 --- a/pages/webauthn.md +++ b/pages/webauthn.md @@ -87,7 +87,7 @@ const attestationObject: ArrayBuffer = response.attestationObject; The algorithm ID is from the [IANA COSE Algorithms registry](https://www.iana.org/assignments/cose/cose.xhtml). ECDSA with SHA-256 (ES256) is recommended as it is widely supported. You can also pass `-257` for RSASSA-PKCS1-v1.5 (RS256) to support a wider range of devices but devices that only support it are rare. -For most cases, `attestation` should be set to `"none"`. We don't need to verify of the authenticator and not all authenticators support it. +For most cases, `attestation` should be set to `"none"`. We don't need to verify the manufacturer of the authenticator and not all authenticators support it. For passkeys, ensure the public key is a resident key and requires user verification. From 06bb72b281f451b87bb8a021267b7555f12d271a Mon Sep 17 00:00:00 2001 From: pilcrow Date: Sun, 20 Oct 2024 23:04:09 +0900 Subject: [PATCH 2/2] Update pages/webauthn.md --- pages/webauthn.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/pages/webauthn.md b/pages/webauthn.md index a49480f..cb9f1a8 100644 --- a/pages/webauthn.md +++ b/pages/webauthn.md @@ -87,7 +87,7 @@ const attestationObject: ArrayBuffer = response.attestationObject; The algorithm ID is from the [IANA COSE Algorithms registry](https://www.iana.org/assignments/cose/cose.xhtml). ECDSA with SHA-256 (ES256) is recommended as it is widely supported. You can also pass `-257` for RSASSA-PKCS1-v1.5 (RS256) to support a wider range of devices but devices that only support it are rare. -For most cases, `attestation` should be set to `"none"`. We don't need to verify the manufacturer of the authenticator and not all authenticators support it. +For most cases, `attestation` should be set to `"none"`. We don't need to verify the authenticity of the authenticator and not all authenticators support it. For passkeys, ensure the public key is a resident key and requires user verification.