Closed thavel closed 5 years ago
I finally figured out why it didn't work. I went through the webauthn spec again:
And I realized that I did something wrong with the `clientDataHash` (inputs) and the `clientDataJSON` (outputs), as I was giving only the base64url encoded challenge to the `getAssertion()` options.
Instead, I properly formatted the `clientDataHash` as a sha256 encoded JSON with my base64url encoded challenge, origin and operation's type as described in the spec.
And it works great now!
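The fix described in the comment above, as an added Go example that is not part of the original thread or of either library: it builds `clientDataJSON`, derives `clientDataHash` from it, and shows the relying-party signature check passing with the real hash and failing when only the base64url challenge is handed to the authenticator. The function names, the origin `https://example.test`, the challenge, the placeholder `authenticatorData` and the software ECDSA key standing in for the authenticator are all assumptions made for illustration.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/sha256"
	"encoding/base64"
	"encoding/json"
	"fmt"
)

type clientData struct { // the three fields named in the comment above
	Type      string `json:"type"`
	Challenge string `json:"challenge"`
	Origin    string `json:"origin"`
}

// buildClientData returns clientDataJSON and its SHA-256 digest (clientDataHash).
func buildClientData(opType string, challenge []byte, origin string) ([]byte, []byte) {
	js, _ := json.Marshal(clientData{opType, base64.RawURLEncoding.EncodeToString(challenge), origin})
	h := sha256.Sum256(js)
	return js, h[:]
}

// sign stands in for the authenticator (ES256): it signs authenticatorData || clientDataHash.
func sign(key *ecdsa.PrivateKey, authData, clientDataHash []byte) []byte {
	d := sha256.Sum256(append(append([]byte{}, authData...), clientDataHash...))
	sig, _ := ecdsa.SignASN1(rand.Reader, key, d[:])
	return sig
}

// verify is the relying-party side: it recomputes the hash from the clientDataJSON it received.
func verify(pub *ecdsa.PublicKey, authData, clientDataJSON, sig []byte) bool {
	h := sha256.Sum256(clientDataJSON)
	d := sha256.Sum256(append(append([]byte{}, authData...), h[:]...))
	return ecdsa.VerifyASN1(pub, d[:], sig)
}
// demo returns the check result with the proper clientDataHash, then with the challenge only.
func demo() (bool, bool) {
	key, _ := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	challenge := []byte("constructed-challenge-0123456789") // constructed sample value
	authData := []byte("constructed authenticatorData")     // placeholder, not a real structure
	js, hash := buildClientData("webauthn.get", challenge, "https://example.test")
	good := verify(&key.PublicKey, authData, js, sign(key, authData, hash))
	wrong := []byte(base64.RawURLEncoding.EncodeToString(challenge)) // the mistake: challenge only
	return good, verify(&key.PublicKey, authData, js, sign(key, authData, wrong))
}
func main() { fmt.Println(demo()) }
```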
Hello,
I'm trying to make Webauthn work on my Google Pixel 3XL (running under Android 9 Pie) with this library.
I've started building an authentication backend using duo-labs/webauthn Go library (amazing job, btw!), and I wrote a basic Android app. (SDK >= 28) with this lib., to register and to use my phone's TPM as an authenticator.
I've managed to make the registration work, but I ran into an issue during authentication:
Which is one of the last steps of the `webauthn.FinishLogin()` call.
Hence, I've updated my app. to use https://webauthn.io API instead, and ran into the issue:
I'm probably doing something wrong when mapping API inputs/outputs with this lib parameters, but I can't figure out where...
Here is the Android (Kotlin) code I wrote so far:
Here is the code I wrote for data classes/mappers:
The ByteArrayUtils I'm using is:
You might notice that I built attestation and assertion options manually instead of using `.fromJSON()` methods suggested in the README. I tried `.fromJSON()` methods, but I still got the `Error validating the assertion signature` anyway.
I tried to use https://webauthn.io demo webapp from Chrome on my phone, and both registration and signin work (using my phone's TPM as authenticator type).
Any chance you guys can tell me what I am doing wrong? Thanks in advance!