Closed juanarias93 closed 3 years ago
Thanks for working on this! I wonder if this should be in a separate gem like other attestation formats. It is also possible to use it outside of the WebAuthn/browser context as documented on https://developer.apple.com/documentation/devicecheck/validating_apps_that_connect_to_your_server
In that sense it's very similar to https://github.com/bdewater/android_key_attestation and https://github.com/bdewater/safety_net_attestation 😄
Hi @bdewater! Thanks for the comment!
I wonder if this should be in a separate gem like other attestation formats.
Yes! We considered this possibility with @grzuy, but decided to keep the implementation here for now 🙂
Hey @bdewater!
Thanks for the recommendation. It's definitely a possibility we might take that approach.
As a first take I wanted to implement here to see how it played out and how much is specific to Apple vs. WebAuthn core.
But yes, agree we should consider splitting up.
as documented on https://developer.apple.com/documentation/devicecheck/validating_apps_that_connect_to_your_server
@bdewater After taking a more close look to that link, isn't fmt: apple-appattest
(what's documented in that link) similar but still different than fmt: apple
(a.k.a Apple Anonymous https://www.w3.org/TR/webauthn-2/#sctn-apple-anonymous-attestation)?
In fact it seems there are even different root certs for both in https://www.apple.com/certificateauthority/private apparently?
Released in v2.5.0
.
@grzuy you're right, my bad!
https://www.w3.org/TR/webauthn-2/#sctn-apple-anonymous-attestation