MasterKale / SimpleWebAuthn

WebAuthn, Simplified. A collection of TypeScript-first libraries for simpler WebAuthn integration. Supports modern browsers, Node, Deno, and more.
https://simplewebauthn.dev
MIT License

Error: No data when running verifyAuthenticationResponse #577

Closed tiro-reflact closed 5 months ago

tiro-reflact commented 5 months ago

Describe the issue

Hello! We are trying to implement passkeys using this library. We followed the implementation described here: https://simplewebauthn.dev/docs/packages/server#2-verify-authentication-response

When executing the function verifyAuthenticationResponse we get the following error:

Error: No data
    at Module.decodePartialCBOR (file:///path/to/app/node_modules/@levischuck/tiny-cbor/esm/cbor/cbor.js:351:15)
    at Module.decodeFirst (file:///path/to/app/node_modules/@simplewebauthn/server/esm/helpers/iso/isoCBOR.js:22:30)
    at decodeCredentialPublicKey (file:///path/to/app/node_modules/@simplewebauthn/server/esm/helpers/decodeCredentialPublicKey.js:3:65)
    at verifySignature (file:///path/to/app/node_modules/@simplewebauthn/server/esm/helpers/verifySignature.js:17:25)
    at verifyAuthenticationResponse (file:///path/to/app/node_modules/@simplewebauthn/server/esm/authentication/verifyAuthenticationResponse.js:154:25)
    at async file:///path/to/app/dist/controller/auth.controller.js:202:28

This is what's inside the body of your request from the client: https://debugger.simplewebauthn.dev -> With Body

This is how we execute the function: "body" contains the Object from the debugger link above (we already checked that every other param is set the correct way).

const opts: VerifyAuthenticationResponseOpts = {
  response: body,
  expectedChallenge: `${expectedChallenge}`,
  expectedOrigin,
  expectedRPID: rpID,
  authenticator: dbAuthenticator,
  requireUserVerification: true,
};
verification = await verifyAuthenticationResponse(opts);

Dependencies

SimpleWebAuthn Libraries

├── @simplewebauthn/server@10.0.0
├── @simplewebauthn/browser@10.0.0

tiro-reflact commented 5 months ago

We figured out what was wrong:

We are storing the device in a MongoDB and authenticator.credentialPublicKey needs to be converted to Binary before storing. Afterwards you need to convert it back to a Uint8Array and then it works. Otherwise the data is corrupted.

// before storing
credentialPublicKey: new Binary(credentialPublicKey)

// after query
credentialPublicKey = new Uint8Array(credentialPublicKey.buffer)

MasterKale commented 5 months ago

To try and connect some dots here, this seems related to the following discussion where this same issue is solved in a similar manner:

MongoDB Authenticator types: Discussion https://github.com/MasterKale/SimpleWebAuthn/discussions/375

Note to self if this comes up again: I wonder if there's something I can do here to help out MongoDB users...

MasterKale commented 4 months ago

It happened again: someone else suffered something that looks suspiciously like this issue. While I await their confirmation that @tiro-reflact's post above is the solution for them too, I went ahead and codified the solution here into the docs:

https://simplewebauthn.dev/docs/packages/server#error-no-data

jai-charan commented 2 months ago

Hi @MasterKale, what should be the type of the credentialPublicKey? I did not use MongoDB, but I'm still getting the same "Error: No data". I debugged the verifyAuthenticationResponse call, and the code reaches the last method, which is verifySignature(). And we use signature, data: signatureBase, credentialPublicKey: authenticator.credentialPublicKey. That's why I suspect there might be a type mismatch here from my side.

MasterKale commented 2 months ago

@jai-charan credentialPublicKey should be of type Uint8Array; in a Node project Buffer should be okay too since last I checked it's a subclass of Uint8Array.

jai-charan commented 2 months ago

If I have it as Uint8Array, then the value of the public key becomes undefined inside verifyAuthenticatorResponse. Only as type base64url am I able to log the values in verifyAuthenticatorResponse().

MasterKale commented 2 months ago

Hmm, at this point I'm going to need to see some code and inputs to help further. Include what you're getting out of the DB too please (there's no PII in credential ID or public key if that helps alleviate concerns about sharing those.)
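
The storage round trip discussed in this thread, as an added example that is not part of the original issue or of SimpleWebAuthn's code: it turns whatever the database returned into a Uint8Array and rejects an empty or mangled key before it reaches verifyAuthenticationResponse. It goes beyond the MongoDB case to cover a base64url string as well; `normalizeCredentialPublicKey`, `base64urlToBytes`, `BinaryLike` and the sample bytes are assumptions made for illustration.

```typescript
// Added example, not SimpleWebAuthn code. All names here are hypothetical.
// Shape assumed for a MongoDB/BSON Binary value: raw bytes exposed on `.buffer`.
type BinaryLike = { buffer: Uint8Array | ArrayBuffer };

const B64URL = "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789-_";

// Constructed sample: the first bytes of a COSE EC2 key (map of 5, kty=2, alg=-7).
const SAMPLE_KEY = new Uint8Array([0xa5, 0x01, 0x02, 0x03, 0x26]);

function base64urlToBytes(text: string): Uint8Array {
  const clean = text.replace(/=+$/, "");
  const out: number[] = [];
  let acc = 0;
  let bits = 0;
  for (let i = 0; i < clean.length; i++) {
    const v = B64URL.indexOf(clean.charAt(i));
    if (v < 0) throw new TypeError("credentialPublicKey is not base64url");
    acc = ((acc << 6) | v) & 0xffff;
    bits += 6;
    if (bits >= 8) {
      bits -= 8;
      out.push((acc >> bits) & 0xff);
    }
  }
  return new Uint8Array(out);
}

function normalizeCredentialPublicKey(stored: unknown): Uint8Array {
  let bytes: Uint8Array;
  if (stored instanceof Uint8Array) {
    bytes = stored; // Node's Buffer is a Uint8Array subclass and lands here
  } else if (stored instanceof ArrayBuffer) {
    bytes = new Uint8Array(stored);
  } else if (typeof stored === "string") {
    bytes = base64urlToBytes(stored);
  } else if (typeof stored === "object" && stored !== null && "buffer" in stored) {
    return normalizeCredentialPublicKey((stored as BinaryLike).buffer);
  } else {
    throw new TypeError("credentialPublicKey has an unsupported stored type");
  }
  // A COSE public key is a CBOR map, so its first byte carries major type 5.
  if (bytes.length === 0 || (bytes[0] >> 5) !== 5) {
    throw new TypeError("credentialPublicKey is empty or not a CBOR map");
  }
  return bytes;
}

// Round trip as read back from a Binary-like document field.
const RESTORED_KEY = normalizeCredentialPublicKey({ buffer: SAMPLE_KEY });
```

A value that was JSON-serialized on the way into the database (an object with numeric keys instead of bytes) is rejected with a TypeError here rather than surfacing later as a decoder error.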