AzureAD / microsoft-authentication-library-common-for-android

Common code used by both the Active Directory Authentication Library (ADAL) and the Microsoft Authentication Library (MSAL)
MIT License

Minor updates to passkey response logic #2334

Closed melissaahn closed 7 months ago

melissaahn commented 8 months ago

Summary

After talking with the server team, we figured out that the assertion value they were expecting in our response is based on a custom JSON object. When ESTS UX gets a WebAuthn standard response, they condense it to 5 fields and no inner objects. While I was under the impression that a WebAuthn standard object was expected, the inner object of the standard object was similar enough that ESTS accepted it, so it still functioned. But this PR includes changes to purposely construct the custom object, which makes sure that the required fields are present and that any extra fields are cut out. ESTS said that they will document the custom object on their side, and I'll link that in my own documentation.

This PR also makes small changes to the error/exception strings we send; the exception name and a prefix (for ESTS to more easily identify an error vs an actual assertion) are now added to the string.

melissaahn commented 7 months ago

Putting the "skip-consumers-check" tag, not because it's a breaking change, but because all of the checks are passing except for the MSAL build and test, which is currently blocked for MSAL checks in general due to an issue with one of the lab accounts. https://identitydivision.visualstudio.com/Engineering/_build/results?buildId=1262143&view=results