flutter-institute / webauthn

A plugin to handle webauthn login
BSD 3-Clause "New" or "Revised" License

Android: credential not found after restarting application #19

Closed NickTheDev closed 3 days ago

NickTheDev commented 1 month ago

This problem only occurs on Android - my iOS implementation is shipped to production and works fine (Webauthn 2.3.0).

On Android, when I call makeCredential and save the credentialId, and make subsequent assertions with getAssertion, it works fine. However, after restarting the application and trying to call getAssertion and passing the credentialId I want, I get this error:

KeyPair not found for 'webauthn-prefix-35gXXfYefD7JfIWqNZULRpMx4B0a3QDi0SAPi0u9S7k'

This is blocking me from shipping to Google Play, would appreciate any help and happy to help debug where I can.

Also interesting: I believe this only started happening after upgrading my physical Android device I use to test this implementation to Android 13 from Android 12, not sure if there's anything there or if it was broken before too.

NickTheDev commented 1 month ago

Interesting, I found the cause. In other places in my app, I use FlutterSecureStorage with the encryptedSharedPreferences: true and I noticed in the CredentialSafe it uses false for that setting, and it seems to conflict and cause the storage to be overwritten, hence why the credential key pair is not found.

killermonk commented 1 month ago

@NickTheDev good find on that. I'm sure you've figured it out, but you can create your own instance of CredentialSafe using your FlutterSecureStorage instance and pass that to the Authenticator to override the internal creation and make sure they are aligned.

I'm going to take an action item from this bug to add some documentation around this behavior and potential dependency conflict.

NickTheDev commented 1 month ago

So, funny story: you actually can't right now because CredentialSafe is not exported with the library.

NickTheDev commented 1 month ago

Think that should be a quick fix though to expose CredentialSafe to end implementers :)

killermonk commented 1 month ago

Oops. My bad. I thought it was. If you want to submit a PR to expose it, I'd love to merge it. Otherwise I can look into it this evening. Probably.

killermonk commented 1 month ago

Just published version 0.2.5 that adds the util dependencies to the exports

NickTheDev commented 1 month ago

Thanks so much! This library honestly was a game changer for me. I really like that it actually doesn't use the native libraries for passkey because I hate when it pops up on the bottom - I much prefer how it just asks for FaceID with this library. You Rock!

killermonk commented 4 weeks ago

Hehe, that would probably be this todo here: https://github.com/flutter-institute/webauthn/blob/master/lib/src/authenticator.dart#L302 that I may or may not ever get around to implementing if someone asks about it.
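
The alignment discussed in this thread, as an added example that is not code from the thread or from the project: one FlutterSecureStorage configuration shared by the app and the plugin, so both read and write the same Android store. `AndroidOptions(encryptedSharedPreferences: true)` is flutter_secure_storage's own option; the `storageInst` and `credentialSafe` parameter names, the two positional `Authenticator` flags, and the flag values chosen are assumptions to check against the plugin version in use (0.2.5 or later, per the thread).

```dart
import 'package:flutter_secure_storage/flutter_secure_storage.dart';
import 'package:webauthn/webauthn.dart';

/// The one storage configuration used everywhere in the app.
/// Mixing instances with encryptedSharedPreferences true and false is
/// what the thread identifies as the cause of "KeyPair not found".
const FlutterSecureStorage appStorage = FlutterSecureStorage(
  aOptions: AndroidOptions(encryptedSharedPreferences: true),
);

/// Builds an Authenticator whose CredentialSafe uses [appStorage]
/// instead of creating its own storage instance internally.
Authenticator buildAuthenticator() {
  // ASSUMPTION: CredentialSafe accepts the storage via a named
  // parameter called `storageInst`; verify in the plugin source.
  final safe = CredentialSafe(
    authenticationRequired: true, // illustrative value
    strongboxRequired: true, // illustrative value
    storageInst: appStorage,
  );

  // ASSUMPTION: Authenticator takes (authenticationRequired,
  // strongboxRequired) positionally and an optional `credentialSafe`.
  return Authenticator(true, true, credentialSafe: safe);
}

/// App code that stores its own secrets should go through the same
/// instance rather than constructing a second FlutterSecureStorage.
/// The key name here is hypothetical.
Future<void> saveCredentialId(String credentialIdB64) {
  return appStorage.write(key: 'my-app-credential-id', value: credentialIdB64);
}
```

Credentials created before the storage configuration was changed may no longer be readable afterwards, so test an upgrade path on a device that already holds a registered credential.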