FidoOptions

FidoOptions

• Licensee: string

• LicenseKey: string

• RelyingPartyId: string Overrides the Relying Party ID used by FIDO component for validation. By default, the RP ID is inferred from the incoming request's Host URI component.

• RequireUserVerification: bool Ensures that the user is verified during generation of assertions (Multi-Factor Authentication using authenticator PIN or biometrics). Defaults to false.

• RequireStrictCounterValidation: bool Ensures that the authenticator's counter value is always greater than the previous seen counter. Defaults to false with warning.

• RequireSupportedAttestationFormat: bool Ensures that only known attestation formats can be registered. If false, unknown formats will be registered using the "Unsupported" attestation type. Defaults to false with warning.

• RequireTrustedAttestations: bool Ensures that only authenticators with fully validated attestations can be registered. If false, registration will fallback to the "Self" attestation type. Defaults to false with warning.

• TimeComparisonTolerance: TimeSpan Used when comparing DateTimes, allowing for you to account for clock skew. Defaults to 30 seconds.

• AllowedCoseSignatureAlgorithms: List<string> Allowed signature algorithms for attestations and assertions. Defaults to all algorithms supported by the component (RS1, RS256, PS256, ES256, ES256K, RS384, PS384, ES384, RS512, PS512, ES512, and EdDSA)

• LogFidoResponses: bool Logs incoming FIDO registration and authentication responses. Used for debugging only. Defaults to false.

• ChallengeCookieBuilder: CookieBuilder Cookie used between register/authentication challenge and completion. Defaults to:

  new CookieBuilder
  {
      HttpOnly = true,
      SameSite = SameSiteMode.Strict,
      SecurePolicy = CookieSecurePolicy.SameAsRequest,
      Expiration = TimeSpan.FromMinutes(10)
  };

• UseEmbeddedPublicSuffixListOnly: bool If true, an embedded copy of the public suffix list will be used. If false the latest version will be fetched from https://publicsuffix.org/list/public_suffix_list.dat and cached for 1 Day. Defaults to false.

• FidoMetaDataCacheLifetime: TimeSpan The length of time cache Fido Metadata is valid for. Defaults to 28 Days.