Closed Spomky closed 2 years ago
Yeah, an empty array is fine to set for excludeCredentials
to fix the issue you're having.
Are you using generateRegistrationOptions()
from the server library? If you are I'd like to see how you're calling it because it's supposed to set an empty array when its optional excludeCredentials
argument is omitted. If it's not setting that empty array in the return value when I need to tighten that up since the front end library expects it to be set.
Hi @MasterKale,
Yeah, an empty array is fine to set for excludeCredentials to fix the issue you're having.
This is the way I addressed the issue. The options was generated by this PHP file (it is now fixed).
Setting an empty array when missing seems more convenient to me than throwing an exception due to an undefined property. What do you think?
Setting an empty array when missing seems more convenient to me than throwing an exception due to an undefined property. What do you think?
The fact is @simplewebauthn/browser's methods were created to pair with output from @simplewebauthn/server's methods. The ability to use @simplewebauthn/browser's functionality with another server library is not something I explicitly support, but of course there's nothing preventing another library from conforming to startRegistration()
's API, for example, by returning PublicKeyCredentialCreationOptionsJSON
which does require the existence of an excludeCredentials
array.
(Fun fact, this is why Duo's py_webauthn library works so well with @simplewebauthn/browser: when I wrote the latest version of py_webauthn I intentionally made it easy to transform its generate_registration_options()
output into a structure matching PublicKeyCredentialCreationOptionsJSON
so I could use @simplewebauthn/browser for the front end 😛)
I won't be making any changes to startRegistration()
at this moment in time. That said if you choose to update your server's output to match @simplewebauthn/browser's input expectations then I don't think you'll have any more issues like this.
I won't be making any changes to startRegistration() at this moment in time.
OK now I clearly understand the context. I made the changes on server side so that's not an issue anymore. Regards.
Hi,
I have an error because of missing
excludeCredentials
property at startRegistration.ts#L34. It seems that this line of code expectexcludeCredentials
to be present and to be a list, but it may be absent as it is not required by thePublicKeyCredentialCreationOptions
definition.In the absence of this property, should the library default it to an empty list
[]
?