class WebAuthn::AuthenticatorResponse

def verify(expected_challenge, expected_origin = nil, user_presence: nil, user_verification: nil, rp_id: nil)
  expected_origin ||= relying_party.origin || raise("Unspecified expected origin")
  rp_id ||= relying_party.id
  verify_item(:type)
  verify_item(:token_binding)
  verify_item(:challenge, expected_challenge)
  verify_item(:origin, expected_origin)
  verify_item(:authenticator_data)
  verify_item(:rp_id, rp_id || rp_id_from_origin(expected_origin))
  # Fallback to RP configuration unless user_presence is passed in explicitely
  if user_presence.nil? && !relying_party.silent_authentication || user_presence
    verify_item(:user_presence)
  end
  if user_verification
    verify_item(:user_verified)
  end
  true
end