search

corbado / flutter-passkeys

Easily provide passkey authentication based on FIDO2 / WebAuthn for Flutter apps (iOS & Android) via a dedicated Flutter package
https://www.corbado.com/passkeys/flutter
BSD 3-Clause "New" or "Revised" License
53 stars 16 forks source link

How to retrieve the public key? #41

Closed lcardosol closed 5 months ago

lcardosol commented 5 months ago

I'm following the example code on the documention, and throughout the whole process of sign up / sign in, it is not clear to me, where or what is the public key that I should use to verify user sign in requests.

When calling PasskeyAuthenticator().register(...) I get back in the response a RegisterResponseType object, that only contains the following information: 

final String id;
final String rawId;
final String clientDataJSON;
final String attestationObject;

By decoding clientDatajSON I was able to recover more information about the passkey, such as id, challenge... But nothing related to the public key. What value should I use on my RelayingParty server as the public key for the created user?

vincentdelitz commented 5 months ago

Hey @lcardosol,

The public key is in the attestationOject, see also the chart here: https://www.corbado.com/blog/passkey-tutorial-how-to-implement-passkeys#integrate-passkeys-frontend.

Closing this issue then - let me know if you have any other questions.