cedarcode / webauthn-ruby

WebAuthn ruby server library ― Make your Ruby/Rails web server become a conformant WebAuthn Relying Party
https://rubygems.org/gems/webauthn
MIT License

Set user_handle to nil for non-string data type #392

Open elquimista opened 1 year ago

elquimista commented 1 year ago

Current code expects userHandle value in string data type and it seems to work fine at least for desktop web browsers. I tested with Yubikey 5C NFC and it returns an empty string '' for userHandle. However, when I tested on mobile browsers (e.g., iOS Safari), it is returned with an empty object {} rather than an empty string, which causes an error in the backend code trying to encode a Hash object instead of a String object.

Because of this, I had to do a simple workaround temporarily in one of my client applications.

I don't know if this suggestion is the right approach but at least it fixes my problem. Please let me know if there is a better approach. I am not an expert when it comes to webauthn.

elquimista commented 1 year ago

@brauliomartinezlm - I see several PRs open with no response for a while. Is this going to be taken care of at all?

bdewater commented 9 months ago

🤔 returning {} for userHandle does not conform to the specification, it should be an ArrayBuffer according to AuthenticatorAssertionResponse interface.

I noticed in the fix you referenced that for other ArrayBuffers (authenticatorData, signature) in the AuthenticatorAssertionResponse you wrap these in a bufferToBase64url method call. Perhaps that is what is missing? That seems to line up with what the webauthn-json library is doing.
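
The client-side encoding discussed in this thread, as an added example that is not part of the original comments or of webauthn-ruby: it shows that passing an `ArrayBuffer` straight to `JSON.stringify` yields `{}`, and a serializer that encodes every buffer field, including the nullable `userHandle`. The helper body, `serializeNaive`, `serializeAssertionResponse` and `constructedResponse` are hypothetical names and sample data; only the `AuthenticatorAssertionResponse` field names and `bufferToBase64url` come from the thread.

```javascript
// Encode an ArrayBuffer as unpadded base64url (assumed helper implementation).
function bufferToBase64url(buffer) {
  const bytes = new Uint8Array(buffer);
  let binary = "";
  for (const b of bytes) binary += String.fromCharCode(b);
  return btoa(binary).replace(/\+/g, "-").replace(/\//g, "_").replace(/=+$/, "");
}

// Naive form: an ArrayBuffer has no enumerable properties, so
// JSON.stringify emits {} for it and the server receives a Hash.
function serializeNaive(response) {
  return JSON.stringify({
    userHandle: response.userHandle,
    signature: response.signature,
  });
}

// Encodes all four buffer fields. userHandle is nullable in the
// WebAuthn interface, so null is passed through as JSON null and an
// empty buffer becomes the empty string.
function serializeAssertionResponse(response) {
  const handle = response.userHandle;
  return JSON.stringify({
    authenticatorData: bufferToBase64url(response.authenticatorData),
    clientDataJSON: bufferToBase64url(response.clientDataJSON),
    signature: bufferToBase64url(response.signature),
    userHandle: handle == null ? null : bufferToBase64url(handle),
  });
}

// Constructed sample standing in for credential.response in a browser.
function constructedResponse(userHandle) {
  return {
    authenticatorData: new Uint8Array([1, 2, 3]).buffer,
    clientDataJSON: new TextEncoder().encode("{}").buffer,
    signature: new Uint8Array([0xfb, 0xff]).buffer,
    userHandle,
  };
}

console.log(serializeNaive(constructedResponse(new ArrayBuffer(0))));
console.log(serializeAssertionResponse(constructedResponse(new ArrayBuffer(0))));
console.log(serializeAssertionResponse(constructedResponse(null)));
```

With this encoding the server always sees a string or `null` for `userHandle`, never an object.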