[EC-598] feat: only show fallback options if supported

libs/common/src/fido2/abstractions/fido2-authenticator.service.abstraction.ts

@@ -84,6 +84,8 @@ export interface Fido2AuthenticatorMakeCredentialsParams {
   /** The effective resident key requirement for credential creation, a Boolean value determined by the client. */
   requireResidentKey: boolean;
   requireUserVerification: boolean;
+  /** Forwarded to user interface */
+  fallbackSupported: boolean;
   /** The constant Boolean value true. It is included here as a pseudo-parameter to simplify applying this abstract authenticator model to implementations that may wish to make a test of user presence optional although WebAuthn does not. */
   // requireUserPresence: true; // Always required
 }
@@ -106,6 +108,8 @@ export interface Fido2AuthenticatorGetAssertionParams {
   /** The constant Boolean value true. It is included here as a pseudo-parameter to simplify applying this abstract authenticator model to implementations that may wish to make a test of user presence optional although WebAuthn does not. */
   // requireUserPresence: boolean; // Always required
   extensions: unknown;
+  /** Forwarded to user interface */
+  fallbackSupported: boolean;
 }
 
 export interface Fido2AuthenticatorGetAssertionResult {

libs/common/src/fido2/abstractions/fido2-client.service.abstraction.ts

@@ -44,6 +44,7 @@ export interface CreateCredentialParams {
     id: string; // b64 encoded
     displayName: string;
   };
+  fallbackSupported: boolean;
   timeout?: number;
 }
 
@@ -64,6 +65,7 @@ export interface AssertCredentialParams {
   userVerification?: UserVerification;
   timeout: number;
   sameOriginWithAncestors: boolean;
+  fallbackSupported: boolean;
 }
 
 export interface AssertCredentialResult {

libs/common/src/fido2/abstractions/fido2-user-interface.service.abstraction.ts

@@ -10,7 +10,10 @@ export interface PickCredentialParams {
 }
 
 export abstract class Fido2UserInterfaceService {
-  newSession: (abortController?: AbortController) => Promise<Fido2UserInterfaceSession>;
+  newSession: (
+    fallbackSupported: boolean,
+    abortController?: AbortController
+  ) => Promise<Fido2UserInterfaceSession>;
 }
 
 export abstract class Fido2UserInterfaceSession {

libs/common/src/fido2/services/fido2-authenticator.service.ts

@@ -43,7 +43,10 @@ export class Fido2AuthenticatorService implements Fido2AuthenticatorServiceAbstr
     params: Fido2AuthenticatorMakeCredentialsParams,
     abortController?: AbortController
   ): Promise<Fido2AuthenticatorMakeCredentialResult> {
-    const userInterfaceSession = await this.userInterface.newSession(abortController);
+    const userInterfaceSession = await this.userInterface.newSession(
+      params.fallbackSupported,
+      abortController
+    );
 
     try {
       if (params.credTypesAndPubKeyAlgs.every((p) => p.alg !== Fido2AlgorithmIdentifier.ES256)) {
@@ -211,7 +214,10 @@ export class Fido2AuthenticatorService implements Fido2AuthenticatorServiceAbstr
     params: Fido2AuthenticatorGetAssertionParams,
     abortController?: AbortController
   ): Promise<Fido2AuthenticatorGetAssertionResult> {
-    const userInterfaceSession = await this.userInterface.newSession(abortController);
+    const userInterfaceSession = await this.userInterface.newSession(
+      params.fallbackSupported,
+      abortController
+    );
 
     try {
       if (

libs/common/src/fido2/services/fido2-client.service.ts

@@ -127,6 +127,7 @@ export class Fido2ClientService implements Fido2ClientServiceAbstraction {
         id: Fido2Utils.stringToBuffer(params.user.id),
         displayName: params.user.displayName,
       },
+      fallbackSupported: params.fallbackSupported,
     };
     let makeCredentialResult;
     try {
@@ -226,6 +227,7 @@ export class Fido2ClientService implements Fido2ClientServiceAbstraction {
       hash: clientDataHash,
       allowCredentialDescriptorList,
       extensions: {},
+      fallbackSupported: params.fallbackSupported,
     };
 
     let getAssertionResult;