Open ckosmowski opened 5 years ago
I can confirm the same issue with YubiKey NFC 5 series and Chrome 73.0.3683.86. The demos also work fine for me.
I met the same issue.
The completed-demo branch supports only fido-u2f attestation . https://github.com/fido-alliance/webauthn-demo/blob/completed-demo/utils.js#L201
Please confirm attestation format of your authenticator. It is probably packed attestation format.
If you want to know about packed attestation, you should see below. https://medium.com/@herrjemand/verifying-fido2-packed-attestation-a067a9b2facd
Please confirm attestation format of your authenticator. It is probably packed attestation format.
Yep it looks like you are correct, at least in my case.
It seems like the master branch is verifying packed attestation. It's better confirm below. https://github.com/fido-alliance/webauthn-demo/blob/master/utils.js#L227
Well spotted. If you swap out the /utils.js
on the completed-demo branch with the one linked above from master the code works.
If the utils.js is replaced with the one from the master branch, my yubikey 5c works, but the built-in touch id of my mac doesn't. The built-in touch id uses packed format with surrogate assertion.
Is there a library that handles common devices like mac touch ID?
Yubikey 5 NFC, Mac OS X, Google Chrome Version 77.0.3865.90 (Official Build) (64-bit), Node v10.16.0. Replaced utils.js with version from master branch. Had to also install '@fidm/x509' and 'iso-3166-1'. This all seems kinda sketch but it worked.
I was able to get this to work with my Mac Touch ID by adding support for self-signed attestation.
Here's the diff, sorry for all the whitespace changes, I auto-formatted in vscode.
https://github.com/fido-alliance/webauthn-demo/pull/17
the changes you want start on line 277 in utils.js in that else if
block
How to make this work for iPhone touch or face scan login?
With the completed-demo branch i get the "Can not authenticate signature" error whenever i try to register. I am Using Yubico Security Key NFC and chrome 73.0.3683.75.
The demos at https://webauthn.io/ and https://webauthn.org/ however are working well.