# pip install fido2
import os
from fido2.webauthn import PublicKeyCredentialRequestOptions, UserVerificationRequirement
from fido2.client.windows import WindowsClient

# Try to import the new collector (python-fido2 >= 1.2/2.0)
collector = None
try:
    from fido2.client import DefaultClientDataCollector
    collector = DefaultClientDataCollector(origin="https://webauthn.io")
except Exception:
    collector = None

# Instantiate WindowsClient for both API shapes
if collector is not None:
    # New API: pass a ClientDataCollector
    client = WindowsClient(client_data_collector=collector)
else:
    # Old API: constructor accepted origin directly
    client = WindowsClient("https://webauthn.io")

# Build proper WebAuthn options for an assertion (sign-in)
options = PublicKeyCredentialRequestOptions(
    challenge=os.urandom(32),
    rp_id="webauthn.io",
    timeout=15000,  # ms
    user_verification=UserVerificationRequirement.DISCOURAGED,  # we're just probing transport
)

try:
    result = client.get_assertion(options)
    # If we got here, transport worked and Windows Security likely popped on the client.
    resp = result.get_response(0)   # select the first assertion
    print("Success. Signature length:", len(resp.signature))
except Exception as e:
    print("GetAssertion failed:", repr(e))