Fido2 PIN

[mattaojie]

I'm using the Fido2 demo and it works fine, but when I set a PIN for the yubico key, I can't register successfully. So how should I verify the PIN? Thanks!

[agektmr]

On registration, setting authenticatorSelection.authenticatorAttachement to be platform forces only the platform authenticator to be registered. If you want to use a security key, it needs to be cross-platform.
Android equivalent must be somewhere around this https://github.com/googlecodelabs/fido2-codelab/blob/master/android/app-start/src/main/java/com/example/android/fido2/api/AuthApi.kt#L132

[mattaojie]

I noticed that Android only supports CTAP1/U2F external authenticator, but not CTAP2.

FIDO CTAP1 enables an external and portable authenticator (such as a hardware security key) to interoperate with a client platform (such as a computer). The CTAP specification refers to two protocol versions, the CTAP1/U2F protocol and the CTAP2 . CTAP1 is a new name for FIDO U2F.

FIDO CTAP2 is responsible for the external factor, like a security key (link to security key page in glossary), communicating with the website or account using the authenticator. An authenticator that implements CTAP2 is called a FIDO2 authenticator (also called a WebAuthn authenticator). If that authenticator implements CTAP1/U2F as well, it is backward compatible with U2F.