Fix userHandle null, and force using security key when windows hello is activated in windows

resources/js/webauthn.js

@@ -269,7 +269,7 @@ class WebAuthn {
         ]
             .filter(key => key in credentials.response)
             .forEach(key => parseCredentials.response[key] = WebAuthn.#arrayToBase64String(credentials.response[key]));
-
+        parseCredentials.response['userId'] = credentials.id;
         return parseCredentials;
     }
 

src/Assertion/Creator/Pipes/AddConfiguration.php

@@ -28,7 +28,7 @@ class AddConfiguration
     public function handle(AssertionCreation $assertion, Closure $next): mixed
     {
         $assertion->json->set('timeout', $this->config->get('webauthn.challenge.timeout') * 1000);
-
+        $assertion->json->set('hints', ['security-key']); // Force security proposal for windows 10 and prevent Windows Hello
         return $next($assertion);
     }
 }

src/Assertion/Validator/Pipes/CheckCredentialIsForUser.php

@@ -71,6 +71,11 @@ class CheckCredentialIsForUser
     protected function validateId(AssertionValidation $validation): void
     {
         $handle = $validation->request->json('response.userHandle');
+        $userId = $validation->request->json('response.userId');
+
+        if(! $handle && $userId) {
+            return;
+        }
 
         if (! $handle || ! hash_equals(Uuid::fromString($validation->credential->user_id)->getHex()->toString(), $handle)) {
             throw AssertionException::make('User ID is not owner of the stored credential.');