Closed MasterKale closed 10 months ago
generateRegistrationOptions() treats string values for the challenge option as ASCII strings when converting to bytes, while generateAuthenticationOptions() handles them like they're UTF-8 bytes:
generateRegistrationOptions()
string
challenge
generateAuthenticationOptions()
https://github.com/MasterKale/SimpleWebAuthn/blob/a59634a1a9b0393622fb121fbe229132c01a2624/packages/server/src/registration/generateRegistrationOptions.ts#L160
https://github.com/MasterKale/SimpleWebAuthn/blob/a59634a1a9b0393622fb121fbe229132c01a2624/packages/server/src/authentication/generateAuthenticationOptions.ts#L49
N/A
string challenges should all be treated as UTF-8 strings for maximum flexibility for RP's that need it.
$ npm list --depth=0 | grep @simplewebauthn ├── @simplewebauthn/server@8.3.6 # ...
Describe the issue
generateRegistrationOptions()treatsstringvalues for thechallengeoption as ASCII strings when converting to bytes, whilegenerateAuthenticationOptions()handles them like they're UTF-8 bytes:https://github.com/MasterKale/SimpleWebAuthn/blob/a59634a1a9b0393622fb121fbe229132c01a2624/packages/server/src/registration/generateRegistrationOptions.ts#L160
https://github.com/MasterKale/SimpleWebAuthn/blob/a59634a1a9b0393622fb121fbe229132c01a2624/packages/server/src/authentication/generateAuthenticationOptions.ts#L49
Reproduction Steps
N/A
Expected behavior
stringchallenges should all be treated as UTF-8 strings for maximum flexibility for RP's that need it.Code Samples + WebAuthn Options and Responses
N/A
Dependencies
N/A
SimpleWebAuthn Libraries
Additional context
N/A