LG-12571 Specify "hints" for WebAuthn security key enrollment

[kevinsmaster5]

🎫 Ticket

LG-12571

🛠 Summary of changes

When enrolling a non-platform webauthn device it passes the value 'security-key' with the authenticatorSelection object.
Platform devices will have 'client-device' added.
https://www.w3.org/TR/webauthn-3/#dom-publickeycredentialhints-client-device

📜 Testing Plan

Test for enroll-webauthn-device should pass.
Setup should work as before without any issues.

[aduth]

I think we should support "hybrid" for platform authenticator enrollments, like using a smartphone QR code to complete MFA setup initiated on a computer. I'd think we should either leave the hints unspecified for platform authenticators, or provide an array including both client-device and hybrid (in order of preference).

[kevinsmaster5]

Added 'hybrid' into the acceptable options.

[aduth]

1. The property of publicKey is called hints, not publicKeyCredentialHints
2. The value is an array of strings, not a string
3. 'hybrid' is a valid hints string value

Reference: https://www.w3.org/TR/webauthn-3/#dom-publickeycredentialcreationoptions-hints

Suggested change

	publicKeyCredentialHints?: 'client-device' | 'security-key';
	hints?: Array<'client-device' | 'security-key' | 'hybrid'>;

[kevinsmaster5]

Updated value to array of strings and set property name to 'hints'

[zachmargolis]

since this 'client-device' | 'security-key' union is used in two spots, should we name it & typedef it?

typedef PublicKeyCredentialType = 'client-device' | 'security-key';

[aduth]

I like that idea. Could even use an enum and call it the same as in the spec, PublicKeyCredentialHints

https://www.w3.org/TR/webauthn-3/#enumdef-publickeycredentialhints
https://www.typescriptlang.org/docs/handbook/enums.html#string-enums

[kevinsmaster5]

I have those cast in a Type now. I'm not entirely clear on how to leverage an enum there but can spend a little more time on it.

[aduth]

LGTM 👍