Is Assertion verification same for all formats?

fido-alliance / webauthn-demo

WebAuthn Workshop Demo [Completed DEMO is at completed demo-branch]

MIT License

733 stars 152 forks source link

Is Assertion verification same for all formats? #22

Open RDevR99 opened 4 years ago

RDevR99 commented 4 years ago

In verifyAuthenticatorAssertionResponse(), there is this condition : if(authr.fmt === 'fido-u2f') and then all the logic for verification.

However, shouldn't the logic for verifying assertions be the same for all formats? I have commented this line out and it gives me a positive verification for android-safetynet.

So, should this if condition be there? or are things actually different for different formats?

pratomchaip commented 4 years ago

How did you verify the android-safetynet attestation?

lordgape commented 3 years ago

Does anyone know how one can verify the android-safetynet attestation?