corbado / flutter-passkeys

Easily provide passkey authentication based on FIDO2 / WebAuthn for Flutter apps (iOS & Android) via a dedicated Flutter package
https://www.corbado.com/passkeys/flutter
BSD 3-Clause "New" or "Revised" License
62 stars 29 forks source link

Is the transports field missing from the attestation response parsed from the js code? #79

Open levelupatlas-mat opened 2 weeks ago

levelupatlas-mat commented 2 weeks ago

I have been struggling for many hours trying to figure out where to get the transports data that so many guides suggest to store in a DB along with the credential data. After digging for a bit, I'm wondering if I'm doing things wrong or if this package is missing it.

In the dart class for the response, there are only these fields:

final String clientDataJSON;
final String attestationObject;

However, looking at the json type the javascript code uses (PublicKeyCredentialWithAttestationJSON), we can see that the response field should be made of 3 fields:

clientDataJSON: Base64urlString;
attestationObject: Base64urlString;
transports: AuthenticatorTransportJSON[];

Am I correct and it is indeed missing?

incorbador commented 2 weeks ago

Hey @levelupatlas-mat, thanks for the issue 👍 The transports field is indeed missing that's right. I have added some feedback to the PR.