mirror of
https://github.com/spring-projects/spring-security.git
synced 2025-03-01 10:59:16 +00:00
d7d5253607
The attestation option in PublicKeyCredentialCreationOptions is a parameter that controls whether to request attestation from the security key. However, Spring Security Passkeys currently doesn't implement attestation verification. Therefore, requesting attestation is unnecessary. Specifying `direct` to request attestation may trigger browsers to display additional privacy related dialog to users, so it is best to avoid specifying `direct` unnecessarily.