OnWebAuthnRegistrationValidateCertificate Event

Fires during /register/verify to let the application validate the attestation certificate chain (for example against a cached FIDO MDS) and override the built-in check.

Syntax

public event TsgcWebAuthnOnRegistrationValidateCertificateHandler OnWebAuthnRegistrationValidateCertificate;
// delegate void TsgcWebAuthnOnRegistrationValidateCertificateHandler(TObject Sender, TsgcWebAuthn_RegistrationVerify_Request aRequest, TsgcWebAuthnValidateAttestationStatement aValidate, out bool Handled)

Default Value

Remarks

Allows the application to take over the attestation statement validation. aValidate exposes the parsed attestation (format, signature, AAGUID, x5c chain) and lets the handler mark it as valid or invalid. Set Handled to true to tell the server that your code has fully validated (or rejected) the statement — the built-in validator is then skipped. Leave Handled as false to let the default logic run after the hook, which is useful when you only want to enforce an extra policy (CA pinning, authenticator allowlist from MDS) on top of the standard checks.

Example
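
The extra-policy case from the Remarks (CA pinning plus an authenticator allowlist), shown as an added example that is not sgcWebSockets code: a standalone check a handler could call. AttestationPolicy, IsAcceptable and their parameters are hypothetical names; the AAGUID string and x5c bytes are assumed to be read from aValidate through members this page does not list, and CustomRootTrust requires .NET 5 or later.

```csharp
using System;
using System.Collections.Generic;
using System.Linq;
using System.Security.Cryptography;
using System.Security.Cryptography.X509Certificates;

// Added example, not library code. pinnedRoots and allowedAaguids stand for data the
// application loaded earlier (for example from a cached FIDO MDS blob); names are hypothetical.
public sealed class AttestationPolicy
{
    private readonly X509Certificate2Collection _pinnedRoots;
    private readonly HashSet<string> _allowedAaguids;

    public AttestationPolicy(X509Certificate2Collection pinnedRoots, IEnumerable<string> allowedAaguids)
    {
        _pinnedRoots = pinnedRoots;
        _allowedAaguids = new HashSet<string>(allowedAaguids, StringComparer.OrdinalIgnoreCase);
    }

    // aaguid: canonical string form; x5c: DER certificates from the statement, leaf first.
    public bool IsAcceptable(string aaguid, IReadOnlyList<byte[]> x5c)
    {
        // Fail closed: unlisted authenticator model, or no certificate chain to pin.
        if (aaguid == null || !_allowedAaguids.Contains(aaguid)) return false;
        if (x5c == null || x5c.Count == 0) return false;

        using var chain = new X509Chain();
        X509Certificate2 leaf;
        try
        {
            leaf = new X509Certificate2(x5c[0]);
            foreach (var der in x5c.Skip(1))
                chain.ChainPolicy.ExtraStore.Add(new X509Certificate2(der)); // intermediates
        }
        catch (CryptographicException)
        {
            return false; // malformed certificate in x5c
        }

        // CA pinning: only the pinned roots may anchor the chain, never the OS trust store.
        chain.ChainPolicy.TrustMode = X509ChainTrustMode.CustomRootTrust;
        chain.ChainPolicy.CustomTrustStore.AddRange(_pinnedRoots);
        // Revocation is not fetched online here (assumption: handled via cached MDS data).
        chain.ChainPolicy.RevocationMode = X509RevocationMode.NoCheck;
        return chain.Build(leaf); // also rejects expired or not-yet-valid certificates
    }
}
```

When the check returns false the handler marks the statement invalid through aValidate; when it returns true the handler can leave Handled as false so the built-in checks still run.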