I want to distinguish the authentication device in webauthn.
I want to know if that is possible and how I can do it if possible.
Unfortunately there's no simple WebAuthn API function you can call to say, "give me the name of available authenticators". The WebAuthn API was intentionally designed to make it difficult to determine specific makes and models of authenticators in the name of greater user privacy.
The only reliable way to determine an authenticator's make and model is to request direct attestation during registration, and then cross-reference the aaguid
you get back with a list you've collected and maintain yourself, or through something like the Fido Alliance Metadata Service.
Note: If you don't request
"direct"
attestation you're likely to get back an obscuredaaguid
:
For platform authenticators specifically you can try creating "heuristics", based on things like browser screen dimensions and User Agent analysis, that try to reliably determine whether system-level authenticators like Touch ID or Windows Hello are available. After a user successfully registers a credential with your site you'd want to store the results of your heuristics analysis with the credential to provide UX hints later during authentication (e.g. "we determined the user registered a Windows Hello credential, so show them 'Enter your Hello PIN to continue' UI during authentication.")