TsgcWSAPIServer_WebAuthn › Properties › WebAuthnOptions
Relying Party configuration: RPName, RPID, Origins, supported Algorithms, Attestation formats, User Verification, Timeout and AuthenticatorSelection.
property WebAuthnOptions: TsgcWSWebAuthnServer_Options read FWebAuthnOptions write SetWebAuthnOptions;
Defaults: RelyingParty (RPID) is empty and must be set to the server DNS name; Algorithms: ES256 and RS256; all Attestation formats enabled; AllowCrossOrigins: False; AllowCredentials: False; ExcludeCredentials: False.
These are the main WebAuthn (FIDO2) Relying Party settings, used both for credential registration (navigator.credentials.create()) and for authentication (navigator.credentials.get()). RelyingParty is mandatory and must match the server DNS name (for example www.test.com); browsers only accept an RP ID that equals the requesting origin's host or is a parent domain of it, so a mismatched value makes every registration and authentication fail on the client side. Extra Origins and TopOrigins can be configured when requests come from additional domains or embedded iframes, and AllowCrossOrigins enables cross-origin iframe flows. The Algorithms set controls which COSE signature algorithms are accepted (ES256, ES384, ES512, RS256, RS384, RS512, PS256, PS384, PS512, RS1, EdDSA); by default only ES256 and RS256 are enabled (RS1 is legacy RSA with SHA-1 and is best left disabled unless an existing authenticator population requires it). Attestation formats (None, Packed, TPM, AndroidKey, Apple, FidoU2F) can be enabled or disabled individually. AllowCredentials (used during authentication), ExcludeCredentials (used during registration) and Limit control which credential IDs, and at most how many, are sent to the client: allowCredentials restricts a sign-in to credentials the server already knows, while excludeCredentials stops an authenticator that is already registered from being registered a second time.
// Relying Party ID: the server DNS name the credentials are bound to
oWebAuthn.WebAuthnOptions.RelyingParty := 'www.test.com';
// Additional origin allowed to call create()/get() against this RP ID
oWebAuthn.WebAuthnOptions.Origins.Add('https://login.test.com');
// Accepted COSE signature algorithms (these two are the defaults)
oWebAuthn.WebAuthnOptions.Algorithms.ES256 := True;
oWebAuthn.WebAuthnOptions.Algorithms.RS256 := True;
// Attestation statement formats accepted at registration
oWebAuthn.WebAuthnOptions.Attestation.NoneAttestation := True;
oWebAuthn.WebAuthnOptions.Attestation.PackedAttestation := True;
// Send already-registered credential IDs in excludeCredentials, at most 10 of them
oWebAuthn.WebAuthnOptions.Credentials.ExcludeCredentials := True;
oWebAuthn.WebAuthnOptions.Credentials.Limit := 10;
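A startup check for the RelyingParty / Origins pair, as an added example that is not part of this page or of the sgcWebSockets library. Browsers accept an RP ID only when it equals the requesting origin's host or is a parent domain of it, so the routine below flags an RP ID written as a URL, an origin that is not https (http://localhost is tolerated because browsers treat it as a secure context), and an origin whose host falls outside the RP ID, all before the server starts serving ceremonies. It assumes Origins is a TStrings-compatible list (the page shows Origins.Add) and that the component instance is named oWebAuthn as in the snippet above; the helper names are hypothetical.

```delphi
uses
  System.SysUtils, System.Classes;

// Extract the host part of an origin such as 'https://login.test.com:8443/'.
function OriginHost(const AOrigin: string): string;
var
  s: string;
  p: Integer;
begin
  s := AOrigin;
  p := Pos('://', s);
  if p > 0 then
    Delete(s, 1, p + 2);      // drop the scheme and '://'
  p := Pos('/', s);
  if p > 0 then
    s := Copy(s, 1, p - 1);   // drop any path
  p := Pos(':', s);
  if p > 0 then
    s := Copy(s, 1, p - 1);   // drop any port
  Result := LowerCase(s);
end;

// WebAuthn rule: the host must equal the RP ID or be a subdomain of it.
// (Whether the RP ID is itself a public suffix such as 'com' is not checked here.)
function HostMatchesRPID(const AHost, ARPID: string): Boolean;
var
  h, r: string;
begin
  h := LowerCase(AHost);
  r := LowerCase(ARPID);
  Result := (r <> '') and ((h = r) or h.EndsWith('.' + r));
end;

// Validate the relying-party settings; returns True when AErrors stays empty.
function ValidateRelyingParty(const ARPID: string; AOrigins: TStrings;
  AErrors: TStrings): Boolean;
var
  i: Integer;
  origin, host: string;
begin
  AErrors.Clear;
  if Trim(ARPID) = '' then
    AErrors.Add('RelyingParty (RP ID) is empty');
  if Pos('://', ARPID) > 0 then
    AErrors.Add('RelyingParty must be a DNS name, not a URL: ' + ARPID);
  for i := 0 to AOrigins.Count - 1 do
  begin
    origin := AOrigins[i];
    host := OriginHost(origin);
    // WebAuthn requires a secure context; localhost is the only http exception
    if (host <> 'localhost') and not origin.StartsWith('https://', True) then
      AErrors.Add('Origin is not https: ' + origin);
    if not HostMatchesRPID(host, ARPID) then
      AErrors.Add(Format('Origin %s is not within RP ID %s', [origin, ARPID]));
  end;
  Result := AErrors.Count = 0;
end;

// Hypothetical wiring: configure the component, then refuse to start on a bad RP setup.
procedure ConfigureWebAuthn(oWebAuthn: TsgcWSAPIServer_WebAuthn);
var
  errors: TStringList;
begin
  oWebAuthn.WebAuthnOptions.RelyingParty := 'www.test.com';
  oWebAuthn.WebAuthnOptions.Origins.Add('https://login.test.com');
  errors := TStringList.Create;
  try
    if not ValidateRelyingParty(oWebAuthn.WebAuthnOptions.RelyingParty,
         oWebAuthn.WebAuthnOptions.Origins, errors) then
      raise Exception.Create('WebAuthn configuration invalid: ' + errors.Text);
  finally
    errors.Free;
  end;
end;
```

With RelyingParty set to www.test.com, the origin https://login.test.com above is rejected (login.test.com is a sibling of www.test.com, not a subdomain of it); either RelyingParty must become test.com so both hosts fall under it, or the origin list must stay within www.test.com. Catching that at startup is cheaper than diagnosing SecurityError rejections in the browser later.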