As a registered user in http://admin.gandi.net , when registering a new security key for the account using TouchID WebAuthn in account security settings, the registration fails with error.

Reproduction:

 1. In account security settings, "Manage your security key authentication"

 2. In Register your security key: enter New token name: (I used "jessi TouchID", should not matter)

 3. Do you want to allow “gandi.net” to use Touch ID? Or you can use a security key. : Ok.

 4. Safari: "Safari" would like to use Touch ID for "gandi.net". Touch ID to allow this.

Actual behavior:

 5. Error dialog: "The operation can’t be completed.

Expected behavior:

 5. Successful registration.


The gandi.net WebAuthn registration works however on iOS (15.3.1) using FaceID.

I did some investigation using Inspector and obtained the parameters for publicKey

Object = $4
  O publickey: Object
    S attestation: "direct"
    >O challenge: Uint8Array [ ... ] (32)
    >O excludeCredentials: [Object, Object, Object] (3)
    >O extensions: {appidExclude: "https://account.gandi.net/api/u2f/trusted_facets.ison"]
    >O pubKeyCredparams: [ ... ]
    >O rp: {id: "gandi.net", name: "Gandi.net"}

https://twitter.com/joneskoo_yx/status/1492921076841603074?s=20


I can reproduce the error message if I go to https://webauthn.io and register selecting attestation: direct.

I believe the cause for the failure on Mac (but not iOS) may be that gandi sets in registration options: attestation: direct.