search

MasterKale / SimpleWebAuthn

WebAuthn, Simplified. A collection of TypeScript-first libraries for simpler WebAuthn integration. Supports modern browsers, Node, Deno, and more.
https://simplewebauthn.dev
MIT License
1.62k stars 137 forks source link

Type error #467

Closed Nevercold closed 1 year ago

Nevercold commented 1 year ago

Describe the issue

i get the error "Type Error" when i call startAuthentication(option). The error only occurs on Safari (macOS/iOS). On Windows and Chrome on Mac, it works without problems.

image

Expected behavior

the Webauthn prompt should open. However, nothing happens.

Code Samples + WebAuthn Options and Responses

options: 

{
    "success": true,
    "status_code": 200,
    "response": {
        "challenge": "MmUzMmNhYTBlNTBhZjQ4MGUwZjc4ZjU3M2I3OTNlZTE1OTc5M2M2ZGE0YzIxZTJmNjc3N2ZmNDViYzI4ZjJmOA",
        "rpId": "...",
        "userVerification": "discouraged",
        "allowCredentials": [
            {
                "type": "public-key",
                "id": "...",
            },
            {
                "type": "public-key",
                "id": "...",
                "transports": [
                    "internal",
                    "hybriQ"
                ]
            },
            {
                "type": "public-key",
                "id": "...",
                "transports": [
                    "nfc",
                    "usY"
                ]
            }
        ],
        "timeout": 60000
    }
}
startAuthentication(answer.response).then(function (assertion) {
}).catch(function (error) {
     // error
     console.log(error);
});

Dependencies

SimpleWebAuthn Libraries

Plain HTML/JS JQuery 3.7.1 browser@8.3.3 Backend: https://github.com/web-auth/webauthn-framework

Nevercold commented 1 year ago

was able to isolate the problem.

When I remove the 3rd key, it works. It is a Yubikey 5. Now the question is: Is it the backend, or is the problem here?

MasterKale commented 1 year ago 
{
    "type": "public-key",
    "id": "...",
    "transports": [
        "internal",
        "hybriQ"
    ]
},
{
    "type": "public-key",
    "id": "...",
    "transports": [
        "nfc",
        "usY"
    ]
}

I wonder if it's the transports. hybriQ and usY aren't valid transports, they should be hybrid and usb. Perhaps that's what's causing the issue.

Nevercold commented 1 year ago

I use as backend https://github.com/web-auth/webauthn-framework @Spomky do you know anything about this? have recently switched from 4.6 to 4.7, but still worked after the upgrade.

update: have manually changed the transports in the database, after that it works. But how can this happen? I don't want to have to change it for every one now. with newly created keys the transports is still wrong.

MasterKale commented 1 year ago

I'm going to convert this into a discussion because it doesn't appear to be a problem with SimpleWebAuthn. I see webauthn-framework makes use of @simplewebauthn/browser and its startRegistration() and startAuthentication() methods...

https://github.com/web-auth/webauthn-framework/blob/4.8.x/src/stimulus/assets/src/controller.ts#L86C9-L86C59

...but nothing about these methods here would explain what's going on over there.

have manually changed the transports in the database, after that it works. But how can this happen? I don't want to have to change it for every one now. with newly created keys the transports is still wrong.

Maybe write some runtime code to detect these bad values, replace them when sending them to the front end, and then update them in the DB when they're encountered? That'd at least help with existing credentials while the real cause is investigated.