Laragear / WebAuthn

Authenticate users with Passkeys: fingerprints, patterns and biometric data.
MIT License

[1.2] Attestation Error: ByteBuffer: Invalid offset or length. #60

Closed qtwf closed 10 months ago

qtwf commented 10 months ago

PHP & Platform

8.2.11 - Windows 21H2

Database

MariaDB 10.9.3

Laravel version

10.28

Have you done this?

Expectation

Successful registration

Description

The API returns an error response when registering through WebAuthn. I have an SPA with the package @simplewebauthn/browser.

I set up the default configs w/ Breeze; Sanctum, API

routes/auth.php

Route::prefix('webauth')
    ->middleware(['auth:sanctum'])
    ->group(function () {
        Route::get('/register/options', [WebAuthnRegisterController::class, 'options'])->name('webauthn.register.options');
        Route::post('/register', [WebAuthnRegisterController::class, 'register'])->name('webauthn.register');
    });

sample fetch:

register/options response

{
    "rp": {
        "name": "Laravel"
    },
    "authenticatorSelection": {
        "residentKey": "required",
        "requireResidentKey": true,
        "userVerification": "required"
    },
    "user": {
        "name": "test@example.com",
        "displayName": "Test User",
        "id": "671b1314af7a4ae59acb11bfe31da868"
    },
    "pubKeyCredParams": [
        {
            "type": "public-key",
            "alg": -7
        },
        {
            "type": "public-key",
            "alg": -257
        }
    ],
    "attestation": "none",
    "excludeCredentials": [],
    "timeout": 60000,
    "challenge": "B_nNl8II2S7rLFDkciHU2Q"
}

simplewebauthn startRegistration() payload to /register

{
  "id": "EBKcjOuGFLJkuKALSW4FxGGgVEKb_hQywCjx4Qa-i1E",
  "rawId": "EBKcjOuGFLJkuKALSW4FxGGgVEKb_hQywCjx4Qa-i1E",
  "response": {
    "attestationObject": "o2N ... AB",
    "clientDataJSON": "eyJ ... V9",
    "transports": [],
    "publicKeyAlgorithm": -257,
    "publicKey": "MI ... AB",
    "authenticatorData": "x8 ... AE"
  },
  "type": "public-key",
  "clientExtensionResults": {},
  "authenticatorAttachment": "platform"
}

/register response

{
    "message": [
        "Attestation Error: ByteBuffer: Invalid offset or length."
    ],
    "file": "\\vendor\\laravel\\framework\\src\\Illuminate\\Validation\\ValidationException.php",
    "line": 71,
    "trace": [
        {
            "file": "\\vendor\\laragear\\webauthn\\src\\Exceptions\\AttestationException.php",
            "line": 18,
            "function": "withMessages",
            "class": "Illuminate\\Validation\\ValidationException",
 ...

* Also tested on W11, but the same error happens.

Full stack trace: https://pastebin.com/raw/9UfA1GxT

Excuse my poor understanding of all this. Many thanks in advance.
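
A bounds-checked read over the `authenticatorData` field of a registration payload like the one above, run client-side before the POST, showing the kind of offset and length check this structure calls for. This is an added example, not code from the post or from Laragear, and it does not identify the cause of this report; the function names and sample bytes are constructed, and only the byte layout comes from the WebAuthn specification.

```javascript
// Layout: rpIdHash(32) | flags(1) | signCount(4), then when the AT flag (0x40)
// is set: aaguid(16) | credIdLen(2) | credentialId | CBOR COSE public key.

function fromBase64Url(field, value) {
  // Reject anything that is not unpadded base64url instead of letting a
  // lenient decoder silently skip characters and shorten the buffer.
  if (typeof value !== 'string' || !/^[A-Za-z0-9_-]+$/.test(value)) {
    throw new TypeError(`${field}: not unpadded base64url`);
  }
  return Buffer.from(value, 'base64url');
}

function parseAuthenticatorData(buf) {
  let offset = 0;
  const take = (name, length) => {
    if (offset + length > buf.length) {
      throw new RangeError(
        `${name}: need ${length} bytes at offset ${offset}, buffer has ${buf.length}`);
    }
    const slice = buf.subarray(offset, offset + length);
    offset += length;
    return slice;
  };
  const rpIdHash = take('rpIdHash', 32).toString('hex');
  const flags = take('flags', 1)[0];
  const signCount = take('signCount', 4).readUInt32BE(0);
  const out = {
    rpIdHash, signCount,
    userPresent: (flags & 0x01) !== 0,
    userVerified: (flags & 0x04) !== 0,
    hasAttestedCredential: (flags & 0x40) !== 0,
  };
  if (out.hasAttestedCredential) {
    out.aaguid = take('aaguid', 16).toString('hex');
    const idLength = take('credentialIdLength', 2).readUInt16BE(0);
    out.credentialId = take('credentialId', idLength).toString('base64url');
    out.publicKeyBytes = buf.length - offset; // remaining bytes hold the key
    if (out.publicKeyBytes === 0) throw new RangeError('credentialPublicKey: missing');
  }
  return out;
}

// Constructed sample (not the payload from this report): flags 0x45 = UP|UV|AT.
const sampleId = Buffer.from('constructed-credential-id-000001'); // 32 bytes
const sample = Buffer.concat([
  Buffer.alloc(32, 0xab), Buffer.from([0x45]), Buffer.from([0, 0, 0, 0]),
  Buffer.alloc(16, 0), Buffer.from([0x00, sampleId.length]), sampleId,
  Buffer.from([0xa1, 0x01, 0x02]), // stand-in CBOR map, not a real COSE key
]).toString('base64url');
```

Calling `parseAuthenticatorData(fromBase64Url('authenticatorData', payload.response.authenticatorData))` either returns the decoded fields or throws an error naming the field and offset that ran past the end of the buffer.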