Open inorganik opened 4 years ago
Could you also add the fix for the branch completed-demo? The current state of your completed-demo branch allows to register with a built-in sensor on macOS, but if you log out you can only log in with a security key.
I could, that would require a separate PR. I'd like to see if the maintainers want to merge this first though.
If you want to merge it into your completed-demo branch, you could do
```
$ git remote add inorganik git@github.com:inorganik/webauthn-demo.git
$ git fetch inorganik
$ git checkout inorganik/master -- utils.js
```
which should keep you on your completed-demo branch but take my updated copy of utils.js
> Could you also add the fix for the branch completed-demo? The current state of your completed-demo branch allows to register with a built-in sensor on macOS, but if you log out you can only log in with a security key.
@estensen Did you find a solution for this?
@NFhbar Yes, I got it to work! Had some browser issues. Think I ended up using Chrome. Don't know if browser support has been improved since.
> @NFhbar Yes, I got it to work! Had some browser issues. Think I ended up using Chrome. Don't know if browser support has been improved since.
Yeah, works on Chrome just fine, but the login keeps forcing security key and has no built-in-sensor option. You got a link I can look at your implementation of this?
@NFhbar you have to copy the changes from this branch to the branch completed-demo. These are the only changes. It's a bit hard to see because of the automatic linting.
```javascript
} else if (ctapMakeCredResp.fmt === 'packed') { // Self signed
    let authrDataStruct = parseMakeCredAuthData(ctapMakeCredResp.authData);
    if (!(authrDataStruct.flags & U2F_USER_PRESENTED))
        throw new Error('User was NOT presented durring authentication!');
    const clientDataHash = hash(base64url.toBuffer(webAuthnResponse.response.clientDataJSON))
    const publicKey = COSEECDHAtoPKCS(authrDataStruct.COSEPublicKey)
    const signatureBase = Buffer.concat([ctapMakeCredResp.authData, clientDataHash]);
    const PEMCertificate = ASN1toPEM(publicKey);
    const { attStmt: { sig: signature, alg } } = ctapMakeCredResp
    response.verified = // Verify that sig is a valid signature over the concatenation of authenticatorData
        // and clientDataHash using the attestation public key in attestnCert with the algorithm specified in alg.
        verifySignature(signature, signatureBase, PEMCertificate) && alg === -7
    if (response.verified) {
        response.authrInfo = {
            fmt: 'fido-u2f',
            publicKey: base64url.encode(publicKey),
            counter: authrDataStruct.counter,
            credID: base64url.encode(authrDataStruct.credID)
        }
    }
```
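The check that the `packed` branch above performs, as a self-contained Node.js example added here (not code from this PR or the webauthn-demo project): the signature must verify over `authData || SHA-256(clientDataJSON)` with the credential's own key, `alg` must be -7, and the user-present flag must be set. `verifyPackedSelfAttestation` and `makeSample` are hypothetical names, the key pair, challenge and origin are constructed, and the credential key is assumed to be already converted from COSE to a Node key object.

```javascript
// Added example, not code from this PR or the webauthn-demo project.
const crypto = require('node:crypto');

const FLAG_UP = 0x01;   // user-present bit of the authData flags byte
const COSE_ES256 = -7;  // COSE id for ECDSA P-256 with SHA-256

const sha256 = (buf) => crypto.createHash('sha256').update(buf).digest();

// Hypothetical helper: true only if flags, alg and signature all check out.
// credentialPublicKey is assumed to be already converted from COSE to a
// Node KeyObject (or PEM); the page's code does that with its own helpers.
function verifyPackedSelfAttestation(att, credentialPublicKey) {
  const { authData, clientDataJSON, sig, alg } = att;
  if (authData.length < 37) return false;       // rpIdHash(32) + flags(1) + counter(4)
  if (!(authData[32] & FLAG_UP)) return false;  // user presence required
  if (alg !== COSE_ES256) return false;         // only ES256 is accepted here
  const signatureBase = Buffer.concat([authData, sha256(clientDataJSON)]);
  return crypto.createVerify('SHA256').update(signatureBase)
    .verify(credentialPublicKey, sig);          // sig is DER-encoded ECDSA
}

// Constructed sample standing in for an authenticator. authData is cut down
// to rpIdHash + flags + counter; real authData also carries the credential.
function makeSample(flags = FLAG_UP) {
  const { publicKey, privateKey } =
    crypto.generateKeyPairSync('ec', { namedCurve: 'prime256v1' });
  const authData = Buffer.concat([
    sha256(Buffer.from('example.test')), Buffer.from([flags]), Buffer.alloc(4)]);
  const clientDataJSON = Buffer.from(JSON.stringify({
    type: 'webauthn.create', challenge: 'constructed-challenge',
    origin: 'https://example.test' }));
  const sig = crypto.createSign('SHA256')
    .update(Buffer.concat([authData, sha256(clientDataJSON)])).sign(privateKey);
  return { att: { authData, clientDataJSON, sig, alg: COSE_ES256 }, publicKey };
}

const sample = makeSample();
console.log('valid:', verifyPackedSelfAttestation(sample.att, sample.publicKey));
console.log('tampered clientDataJSON:', verifyPackedSelfAttestation(
  { ...sample.att, clientDataJSON: Buffer.from('{}') }, sample.publicKey));
```

Because the signature covers the hash of `clientDataJSON`, any change to the challenge or origin after signing makes verification fail.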
Sorry for all the whitespace changes, I auto-formatted in vscode.
This fixes #12