Closed wparad closed 6 months ago
MasterKale
commented
6 months ago Check out decodeAttestationObject() and parseAuthenticatorData() exported from @simplewebauthn/server/helpers. Do either of those help you achieve your goals? There are many other helpers exported from there that you might find interesting too:
wparad
commented
6 months ago Hmmm, I didn't realize it was a separate export in the package.json. Maybe there is a better way to do this, but this seems a bit annoying:
parseAuthenticatorData(
decodeAttestationObject(
new Uint8Array(base64url.toBuffer(attestation))
).get('authData'));And I will also add that depending on the usage, callers of the library might need to explicitly exclude lint issues with:
"node/no-missing-require": ["error", {
"allowModules": ["@simplewebauthn/server"]
}]Link to issue with require statements in eslint
I would have expected a single method that takes in the attestation in the same format as verifyRegistrationResponse which is base64url and returns the same object that is the response RegistrationData without needing to stack these methods or know to convert to a Uint8Array.
But I guess this is technically already supported, so we can close it.
MasterKale
commented
6 months ago Thanks for the feedback @wparad. These helpers are used internally by the various option-generation and response-verification methods that represent the core methods of the @simplewebauthn/server package. I make them available via the helpers import for those who are intrepid enough to break out of the core WebAuthn use cases, so a bit of extra work should always be expected when using them.
We would like to easily parse the attestation data, but the library does not expose an explicitly method to do this. Right now that means we need to almost fake calling
verifyRegistrationResponseagain with the right inputs whenever we want this. It would be really great to have the method to parse the attestation data available on the exposed interface.