Open aliaftab612 opened 2 weeks ago
Hey @aliaftab612, I'm going to check if there's an actual issue, but just looking at this I think it's just encoded with/without base64url in the AdminConsole UI.
@abergs It appears that, except for this endpoint, all other endpoints return the Base64url-encoded credentialId. For example, in the credentials/delete endpoint, the encoded credentialId is used for deletion, and in credentials/list, the encoded credentialId is returned. Other endpoints related to sign and registration also work with the encoded credentialId. This specific endpoint returns the credentialId without encoding, causing my application to fail when performing checks with the credentialId returned after verification. I believe the credentialId encoding should be consistent across all endpoints.
@abergs It looks like we don't use the Base64UrlConverter, I'm only seeing [MessagePack] attributes for the properties. So it's serializing to Base64 by default instead. GET /credentials/list and other endpoints do Base64Url encode all byte arrays. We probably have to fix it, but it would be a breaking change.
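The mismatch discussed in this thread, as an added example that is not part of the original posts or the project's code: a caller can compare credential IDs by their decoded bytes instead of by their text, so a standard Base64 value and a Base64url value for the same ID match. The function names are hypothetical; the two sample strings are the ones quoted in the issue.

```javascript
// Added example (not the project's code). Function names are hypothetical.
// Buffer is a Node.js global, so no imports are needed.

// Decode a credential ID given as standard Base64 ("+", "/", "=" padding)
// or Base64url ("-", "_", usually unpadded). Throws on anything else.
function decodeCredentialId(text) {
  if (typeof text !== "string" || text.length === 0) {
    throw new TypeError("credential ID must be a non-empty string");
  }
  const usesStd = /[+/]/.test(text);
  const usesUrl = /[-_]/.test(text);
  if (usesStd && usesUrl) {
    // One value never legitimately mixes both alphabets; reject it.
    throw new Error("credential ID mixes Base64 and Base64url alphabets");
  }
  // Normalise to the standard alphabet and drop trailing padding.
  const body = text.replace(/-/g, "+").replace(/_/g, "/").replace(/=+$/, "");
  if (!/^[A-Za-z0-9+/]+$/.test(body) || body.length % 4 === 1) {
    throw new Error("credential ID is not valid Base64/Base64url");
  }
  return Buffer.from(body, "base64");
}

// Re-encode bytes as unpadded Base64url, the form the thread says the
// other endpoints return.
function toBase64Url(bytes) {
  return Buffer.from(bytes)
    .toString("base64")
    .replace(/\+/g, "-")
    .replace(/\//g, "_")
    .replace(/=+$/, "");
}

// Compare two credential IDs by decoded bytes, whatever their text encoding.
function sameCredentialId(a, b) {
  return decodeCredentialId(a).equals(decodeCredentialId(b));
}

// Values quoted in the issue: Admin console vs. /signin/verify response.
const fromConsole = "gC-5YbmlbT2S9qv4uv1aIw";
const fromVerify = "gC+5YbmlbT2S9qv4uv1aIw==";
console.log(sameCredentialId(fromConsole, fromVerify)); // same 16 bytes
console.log(toBase64Url(decodeCredentialId(fromVerify)));
```

Storing and looking up credential IDs in one canonical form (here, unpadded Base64url) keeps the check stable if the endpoint's encoding is changed later.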
The /signin/verify endpoint is returning an incorrect credentialId. When hitting this endpoint with a token to verify passkey sign-in, the response contains a credentialId that does not match the expected value.

In the Admin console, the credentialId for the passkey is: gC-5YbmlbT2S9qv4uv1aIw, which I assume is correct. However, when I try to verify the sign-in, the response returns this credentialId: gC+5YbmlbT2S9qv4uv1aIw==, which differs from the one in the Admin console.

Below I have shared images for reference: