From 1b923335d0921fbcfed16d5b803b869b0e4d5fad Mon Sep 17 00:00:00 2001
From: Italo <DarkGhostHunter@Gmail.com>
Date: Tue, 14 Jun 2022 05:32:29 -0400
Subject: [PATCH] Added clarification on 403 for attestation. [skip-ci]

---
 README.md | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/README.md b/README.md
index a4dc887..2ea2c66 100644
--- a/README.md
+++ b/README.md
@@ -254,6 +254,8 @@ public function register(AttestedRequest $request)
 }
 ```
 
+> Both `AttestationRequest` and `AttestedRequest` validates the authenticated user. If the user is not authenticated, an HTTP 403 status code will be returned.
+
 ### Attestation User verification
 
 By default, the authenticator decides how to verify user when creating a credential. Some may ask to press a "Continue" button to confirm presence, others will verify the User with biometrics, patterns or passwords.