Closed jonathanverner closed 4 years ago
What is the status of this PR? It seems like a straightforward change.
Hi @jonathanverner and @skorokithakis,
I tested this change and it looks good to me. @jordan-wright or @nicksteele when you get a chance can you review/merge?
I would possibly change the return
to return 0
to be more explicit, but it looks good to me too.
The WebAuthN spec seems to allow for authenticators which do not support the signature counter (see step 17 in 7.2 Verifying an Authentication Assertion), i.e. the signature counter should only be checked if it is non-zero.