options to Passwordless, more texts

src/main/resources/application.properties

@@ -4,4 +4,7 @@ quarkus.package.type=uber-jar
 smallrye.jwt.sign.key.location=key.jwk
 quarkus.webauthn.relying-party.id=oauth-playground.online
 %dev.quarkus.webauthn.relying-party.id=localhost
-quarkus.webauthn.relying-party.name=OAuth Playground by YSoft
+quarkus.webauthn.relying-party.name=OAuth Playground by YSoft
+quarkus.webauthn.require-resident-key=false
+quarkus.webauthn.user-verification=preferred
+quarkus.webauthn.timeout=5m

src/main/resources/templates/OAuthResource/loginPasswordless.html

@@ -101,16 +101,17 @@
                                 <p class="emphasis">pubKeyCredParams</p>
                                 <p>
                                     A list of public key credential types and cryptographic algorithm combinations supported by the relying party.
+                                    Constants of -7 and -257 denote ES256 and RS256, respectively.
                                 </p>
                             </li>
                             <li class="collection-item">
                                 <p class="emphasis">authenticatorSelection</p>
                                 <p>Criteria for the authenticator:</p>
                                 <p>
-                                    <b>requireResidentKey:</b> This indicates if the credential should be stored on the authenticator (like a hardware token or platform). Here, it's set to "false", meaning resident keys aren't mandatory.
+                                    <b>requireResidentKey:</b> A resident (private) key, is a key that cannot leave your authenticator device, this means that you cannot reuse the authenticator to log into a second computer. Here, it is not required.
                                 </p>
                                 <p>
-                                    <b>userVerification:</b> This describes the desired user verification method. "discouraged" means the relying party does not want user verification employed during the creation process.
+                                    <b>userVerification:</b> User verification is the technical process by which an authenticator locally authorizes the invocation of the authenticatorMakeCredential and authenticatorGetAssertion operations. User verification MAY be instigated through various authorization gesture modalities; for example, through a touch plus pin code, password entry, or biometric recognition (e.g., presenting a fingerprint). It can be "required", "preferred" or "discouraged".
                                 </p>
                             </li>
                             <li class="collection-item">
@@ -274,7 +275,15 @@
                                 </p>
                             </li>
                         </ul>
-                        <p class="button-label">We finish the interaction by...</p>
+                        <p class="button-label">We are now ready to submit data to the server.</p>
+                        <p class="button-label">The server will validate the request:</p>
+                        <ul>
+                            <li>Correct format</li>
+                            <li>Correct type, challenge and origin</li>
+                            <li>Decode authData in attestationObject, validate flags per expectations</li>
+                            <li>... and more</li>
+                        </ul>
+                        <p class="button-label">If everything matches, the new credential is stored with the user.</p>
                         <button class="nextBtn waves-effect waves-light btn full-width">Finish the interaction</button>
                     </div>
                 </div>
@@ -286,7 +295,7 @@
             <div class="card horizontal">
                 <div class="card-stacked">
                     <div class="card-content">
-                        <h6 class="card-header"><b>5.</b> Attestation</h6>
+                        <h6 class="card-header"><b>5.</b> Assertion</h6>
                         <p style="padding-bottom: 5px;">Which responds:</p>
                         <div class="code" id="navigator-assertion-body"></div>
                         <p class="button-label">Let's break it down...</p>
@@ -356,7 +365,14 @@
                                 </p>
                             </li>
                         </ul>
-                        <p class="button-label">We finish the interaction by...</p>
+                        <p class="button-label">We are now ready to submit data to the server.</p>
+                        <p class="button-label">The server will validate the request:</p>
+                        <ul>
+                            <li>Correct format</li>
+                            <li>Correct type, challenge and origin</li>
+                            <li>Validate the signature with the public key stored on the server</li>
+                        </ul>
+                        <p class="button-label">If everything matches, the user is logged in.</p>
                         <button class="nextBtn waves-effect waves-light btn full-width">Finish the interaction</button>
                     </div>
                 </div>
@@ -516,7 +532,7 @@
     }
 
     function init() {
-        $(".step").hide()
+        //$(".step").hide()
         $("#init").showInViewport();
     }