Currently not implemented in WebAuthn.
Time in seconds that user presence will remain valid without asking for proof of user presence. The purpose of this option is to allow a more fluid end user experience. By default, user presence must be checked every time a user is required to authenticate. This can become a problem if a process requires the user to authenticate or authorize multiple times, making the process more work for the user. By setting userPresenceTimeout to a number greater than 0, it allows the Authenticator to not have to check user presence before authenticating/authorizing multiple times on behalf of the user. The trade off for increasing the time for userPresenceTimeout is that it opens up the possibility that the user is not actually present at the time of the transaction. This can happen if the Authenticator is built into the client device or the roaming Authenticator was left in a client device, and the user is away. This window of time allows the possibility that either a bad actor or automatic process occurs without the user’s consent, but the Authenticator will still make it appear the user gave consent by going through with this transaction without them.