I have implemented some sort of password-less authentication using DUO lab's webauthn
using Django. However, I keep getting this error:
Unable to verify attestation statement format..
when authenticating on my Android phone (at least for now).
How can I include more attestation formats to incorporate Android
, Windows hello
and any other device in this library's attestation formats?
The current version of the webauthn
library only supports the following attestation formats:
"fido-u2f"
"packed"
"none"
You mentioned you're trying to register an Android device - without seeing a response you're getting back from the call to navigator.credentials.create()
I'd make an educated guess that you're getting responses with "android-safetynet"
or "android-key"
attestation statements which the library is unable to verify.