In verifyAuthenticatorAssertionResponse(), there is this condition : if(authr.fmt === 'fido-u2f') and then all the logic for verification.
However, shouldn't the logic for verifying assertions be the same for all formats?
I have commented this line out and it gives me a positive verification for android-safetynet.
So, should this if condition be there? or are things actually different for different formats?
In
verifyAuthenticatorAssertionResponse()
, there is this condition :if(authr.fmt === 'fido-u2f')
and then all the logic for verification.However, shouldn't the logic for verifying assertions be the same for all formats? I have commented this line out and it gives me a positive verification for
android-safetynet
.So, should this if condition be there? or are things actually different for different formats?