kanidm / webauthn-rs

An implementation of webauthn components for Rustlang servers
Mozilla Public License 2.0

Compatibility Test Failure #290

Closed hisgarden closed 1 year ago

hisgarden commented 1 year ago

Please add any extra details here:


{"direct_attest_1":{"Failed":{"err":{"NavigatorError":"JsValue(NotAllowedError: This request has been cancelled by the user.\n)"},"ccr":{"publicKey":{"rp":{"name":"webauthn.firstyear.id.au","id":"webauthn.firstyear.id.au"},"user":{"id":"NWFhlj6yRfaa-zB-YRMMKg","name":"compatuser","displayName":"compatuser"},"challenge":"ag4sEIB_IZGxaDlHc2VnyKsP5vEkOX0kZb0ie0NSrNI","pubKeyCredParams":[{"type":"public-key","alg":-7},{"type":"public-key","alg":-35},{"type":"public-key","alg":-36},{"type":"public-key","alg":-257},{"type":"public-key","alg":-258},{"type":"public-key","alg":-259},{"type":"public-key","alg":-37},{"type":"public-key","alg":-38},{"type":"public-key","alg":-39},{"type":"public-key","alg":-8},{"type":"public-key","alg":-65535}],"timeout":60000,"attestation":"direct","authenticatorSelection":{"requireResidentKey":false,"userVerification":"discouraged"},"extensions":{"credentialProtectionPolicy":"userVerificationOptionalWithCredentialIDList","enforceCredentialProtectionPolicy":false,"uvm":true,"credProps":true,"minPinLength":true,"hmacCreateSecret":true}}},"rpkc":null}},"indirect_attest_1":{"Passed":{"rs":{"cred_id":"TxKBgv3m6jNUKX0VuIbFydnvQyU","uv":true,"alg":"ES256","extensions":{"cred_protect":"Ignored","hmac_create_secret":"Ignored","appid":"NotRequested","cred_props":{"Unsigned":{"rk":true}}}},"ccr":{"publicKey":{"rp":{"name":"webauthn.firstyear.id.au","id":"webauthn.firstyear.id.au"},"user":{"id":"_2tOk-EiTPqa5689JRo56w","name":"compatuser","displayName":"compatuser"},"challenge":"KfjA0nQCz15p9NyaNJnzJEi_DWTlcu4-W34RNwjxdzU","pubKeyCredParams":[{"type":"public-key","alg":-7},{"type":"public-key","alg":-35},{"type":"public-key","alg":-36},{"type":"public-key","alg":-257},{"type":"public-key","alg":-258},{"type":"public-key","alg":-259},{"type":"public-key","alg":-37},{"type":"public-key","alg":-38},{"type":"public-key","alg":-39},{"type":"public-key","alg":-8},{"type":"public-key","alg":-65535}],"timeout":60000,"attestation":"indirect","authenticatorSelect
ion":{"requireResidentKey":false,"userVerification":"discouraged"},"extensions":{"credentialProtectionPolicy":"userVerificationOptionalWithCredentialIDList","enforceCredentialProtectionPolicy":false,"uvm":true,"credProps":true,"minPinLength":true,"hmacCreateSecret":true}}},"rpkc":{"id":"TxKBgv3m6jNUKX0VuIbFydnvQyU","rawId":"TxKBgv3m6jNUKX0VuIbFydnvQyU","response":{"attestationObject":"o2NmbXRkbm9uZWdhdHRTdG10oGhhdXRoRGF0YViYarm78N-aFvkduzO7sTL6-dF8eCxIJsbscOzuWNl-9SpdAAAAAAAAAAAAAAAAAAAAAAAAAAAAFE8SgYL95uozVCl9FbiGxcnZ70MlpQECAyYgASFYIIMcq3DCjrngpvgRP3HFxuJWUtgqUgGMTL-4lDJAwDMRIlgglLeTWdIpvGAPJd70mu07NcGZa3gqPwwg38ku1uOyocQ","clientDataJSON":"eyJ0eXBlIjoid2ViYXV0aG4uY3JlYXRlIiwiY2hhbGxlbmdlIjoiS2ZqQTBuUUN6MTVwOU55YU5KbnpKRWlfRFdUbGN1NC1XMzRSTndqeGR6VSIsIm9yaWdpbiI6Imh0dHBzOi8vd2ViYXV0aG4uZmlyc3R5ZWFyLmlkLmF1In0","transports":null},"type":"public-key","extensions":{"cred_props":{"rk":true}}}}},"none_attest_1":{"Passed":{"rs":{"cred_id":"a7dqsEs8HInUpBlc7tnwzzuX6xU","uv":true,"alg":"ES256","extensions":{"cred_protect":"Ignored","hmac_create_secret":"Ignored","appid":"NotRequested","cred_props":{"Unsigned":{"rk":true}}}},"ccr":{"publicKey":{"rp":{"name":"webauthn.firstyear.id.au","id":"webauthn.firstyear.id.au"},"user":{"id":"ZIIg15QPQBeP7XozXUN0pQ","name":"compatuser","displayName":"compatuser"},"challenge":"SkBsKD-UKbroQeQ2Y2uAB-k6v1Q3MA0NGmzj2NJQ9Q4","pubKeyCredParams":[{"type":"public-key","alg":-7},{"type":"public-key","alg":-35},{"type":"public-key","alg":-36},{"type":"public-key","alg":-257},{"type":"public-key","alg":-258},{"type":"public-key","alg":-259},{"type":"public-key","alg":-37},{"type":"public-key","alg":-38},{"type":"public-key","alg":-39},{"type":"public-key","alg":-8},{"type":"public-key","alg":-65535}],"timeout":60000,"attestation":"none","authenticatorSelection":{"requireResidentKey":false,"userVerification":"discouraged"},"extensions":{"credentialProtectionPolicy":"userVerificationOptionalWithCredentialIDList","enforceCredentialProtectionPolicy":
false,"uvm":true,"credProps":true,"minPinLength":true,"hmacCreateSecret":true}}},"rpkc":{"id":"a7dqsEs8HInUpBlc7tnwzzuX6xU","rawId":"a7dqsEs8HInUpBlc7tnwzzuX6xU","response":{"attestationObject":"o2NmbXRkbm9uZWdhdHRTdG10oGhhdXRoRGF0YViYarm78N-aFvkduzO7sTL6-dF8eCxIJsbscOzuWNl-9SpdAAAAAAAAAAAAAAAAAAAAAAAAAAAAFGu3arBLPByJ1KQZXO7Z8M87l-sVpQECAyYgASFYII2IQCIwfd6txIBDN88yb2lGcKG-ANKm1am4HvQLZKk6IlgglePIdTBPb5j-jeRzhH2x1SvbW0ULO7Rv-ld5Vg09V4E","clientDataJSON":"eyJ0eXBlIjoid2ViYXV0aG4uY3JlYXRlIiwiY2hhbGxlbmdlIjoiU2tCc0tELVVLYnJvUWVRMlkydUFCLWs2djFRM01BME5HbXpqMk5KUTlRNCIsIm9yaWdpbiI6Imh0dHBzOi8vd2ViYXV0aG4uZmlyc3R5ZWFyLmlkLmF1In0","transports":null},"type":"public-key","extensions":{"cred_props":{"rk":true}}}}},"authdiscouraged":{"Passed":{"aus":{"cred_id":"a7dqsEs8HInUpBlc7tnwzzuX6xU","uv":true,"extensions":{}},"rcr":{"publicKey":{"challenge":"xv8UMv8QvegAEVqoTl87xd8AcYWu79xERld2a4aOMBE","timeout":60000,"rpId":"webauthn.firstyear.id.au","allowCredentials":[{"type":"public-key","id":"a7dqsEs8HInUpBlc7tnwzzuX6xU"}],"userVerification":"discouraged","extensions":{"uvm":true}}},"pkc":{"id":"a7dqsEs8HInUpBlc7tnwzzuX6xU","rawId":"a7dqsEs8HInUpBlc7tnwzzuX6xU","response":{"authenticatorData":"arm78N-aFvkduzO7sTL6-dF8eCxIJsbscOzuWNl-9SodAAAAAA","clientDataJSON":"eyJ0eXBlIjoid2ViYXV0aG4uZ2V0IiwiY2hhbGxlbmdlIjoieHY4VU12OFF2ZWdBRVZxb1RsODd4ZDhBY1lXdTc5eEVSbGQyYTRhT01CRSIsIm9yaWdpbiI6Imh0dHBzOi8vd2ViYXV0aG4uZmlyc3R5ZWFyLmlkLmF1In0","signature":"MEUCIBq_0uFA8LhqA3droLaETLo33WaNGs7XdQ9wJWbHp8BJAiEA9W6YwvevD-uRXD5erXrfxrSgMN47QAh2b6V5wa80FoQ","userHandle":"ZIIg15QPQBeP7XozXUN0pQ"},"extensions":{"appid":null,"hmac_get_secret":null},"type":"public-key"}}},"authdiscouraged_consistent":"Passed","none_attest_2":{"Passed":{"rs":{"cred_id":"dDxZZYnzXpftaIvParKvU5OLfIo","uv":true,"alg":"ES256","extensions":{"cred_protect":"Ignored","hmac_create_secret":"Ignored","appid":"NotRequested","cred_props":{"Unsigned":{"rk":true}}}},"ccr":{"publicKey":{"rp":{"name":"webauthn.firstyear.id.au","id":"webauthn
.firstyear.id.au"},"user":{"id":"CmysJOtATqq0DVpjuamDNw","name":"another_user","displayName":"another_user"},"challenge":"1uUiUEe4_e21fXDUFA3PWR_gVzpwhRr6uK_u-veZ4Pk","pubKeyCredParams":[{"type":"public-key","alg":-7},{"type":"public-key","alg":-35},{"type":"public-key","alg":-36},{"type":"public-key","alg":-257},{"type":"public-key","alg":-258},{"type":"public-key","alg":-259},{"type":"public-key","alg":-37},{"type":"public-key","alg":-38},{"type":"public-key","alg":-39},{"type":"public-key","alg":-8},{"type":"public-key","alg":-65535}],"timeout":60000,"attestation":"none","authenticatorSelection":{"requireResidentKey":false,"userVerification":"discouraged"},"extensions":{"credentialProtectionPolicy":"userVerificationOptionalWithCredentialIDList","enforceCredentialProtectionPolicy":false,"uvm":true,"credProps":true,"minPinLength":true,"hmacCreateSecret":true}}},"rpkc":{"id":"dDxZZYnzXpftaIvParKvU5OLfIo","rawId":"dDxZZYnzXpftaIvParKvU5OLfIo","response":{"attestationObject":"o2NmbXRkbm9uZWdhdHRTdG10oGhhdXRoRGF0YViYarm78N-aFvkduzO7sTL6-dF8eCxIJsbscOzuWNl-9SpdAAAAAAAAAAAAAAAAAAAAAAAAAAAAFHQ8WWWJ816X7WiLz2qyr1OTi3yKpQECAyYgASFYIIeJVYbJU5b_jMRG5GLo6XGiLxVcOU2QIZEoZpE_7V-nIlggkYqShgrWA1KgJGdQmEHiveUmd125qAJQvZ0K4AkeTv8","clientDataJSON":"eyJ0eXBlIjoid2ViYXV0aG4uY3JlYXRlIiwiY2hhbGxlbmdlIjoiMXVVaVVFZTRfZTIxZlhEVUZBM1BXUl9nVnpwd2hScjZ1S191LXZlWjRQayIsIm9yaWdpbiI6Imh0dHBzOi8vd2ViYXV0aG4uZmlyc3R5ZWFyLmlkLmF1In0","transports":null},"type":"public-key","extensions":{"cred_props":{"rk":true}}}}},"authmultiple":{"Passed":{"aus":{"cred_id":"a7dqsEs8HInUpBlc7tnwzzuX6xU","uv":true,"extensions":{}},"rcr":{"publicKey":{"challenge":"vSTTTqMNPiPZYqwUzyz2ScDeRWrbW6GSSCDm2ungHkE","timeout":60000,"rpId":"webauthn.firstyear.id.au","allowCredentials":[{"type":"public-key","id":"a7dqsEs8HInUpBlc7tnwzzuX6xU"}],"userVerification":"discouraged","extensions":{"uvm":true}}},"pkc":{"id":"a7dqsEs8HInUpBlc7tnwzzuX6xU","rawId":"a7dqsEs8HInUpBlc7tnwzzuX6xU","response":{"authenticatorData":"arm78N-aFvkdu
zO7sTL6-dF8eCxIJsbscOzuWNl-9SodAAAAAA","clientDataJSON":"eyJ0eXBlIjoid2ViYXV0aG4uZ2V0IiwiY2hhbGxlbmdlIjoidlNUVFRxTU5QaVBaWXF3VXp5ejJTY0RlUldyYlc2R1NTQ0RtMnVuZ0hrRSIsIm9yaWdpbiI6Imh0dHBzOi8vd2ViYXV0aG4uZmlyc3R5ZWFyLmlkLmF1In0","signature":"MEYCIQCKZxrUXNW07JkKHMIr0GEAhtTRRCBeZFt_B7NE6OEsWQIhAJrBTV6fPyXbxcT-QgVfbWzp5B4vNvDNebna00ccm7ut","userHandle":"ZIIg15QPQBeP7XozXUN0pQ"},"extensions":{"appid":null,"hmac_get_secret":null},"type":"public-key"}}},"fallback_alg":{"Warning":{"err":{"NavigatorError":"JsValue(NotAllowedError: This request has been cancelled by the user.\n)"},"ccr":{"publicKey":{"rp":{"name":"webauthn.firstyear.id.au","id":"webauthn.firstyear.id.au"},"user":{"id":"IYKi64--SQqxnlTQw84sYw","name":"compatuser","displayName":"compatuser"},"challenge":"UfrDFPt-u1bNW99iKoYo31HSAXzjkrL3ils-4dEjlxM","pubKeyCredParams":[{"type":"public-key","alg":-35},{"type":"public-key","alg":-36},{"type":"public-key","alg":-257},{"type":"public-key","alg":-258},{"type":"public-key","alg":-259},{"type":"public-key","alg":-37},{"type":"public-key","alg":-38},{"type":"public-key","alg":-39},{"type":"public-key","alg":-8},{"type":"public-key","alg":-65535}],"timeout":60000,"attestation":"none","authenticatorSelection":{"requireResidentKey":false,"userVerification":"discouraged"},"extensions":{"credentialProtectionPolicy":"userVerificationOptionalWithCredentialIDList","enforceCredentialProtectionPolicy":false,"uvm":true,"credProps":true,"minPinLength":true,"hmacCreateSecret":true}}},"rpkc":null}},"uvpreferred":{"Passed":{"rs":{"cred_id":"zzAfat7De_A5H8tmYYBETnarLGQ","uv":true,"alg":"ES256","extensions":{"cred_protect":"Ignored","hmac_create_secret":"Ignored","appid":"NotRequested","cred_props":{"Unsigned":{"rk":true}}}},"ccr":{"publicKey":{"rp":{"name":"webauthn.firstyear.id.au","id":"webauthn.firstyear.id.au"},"user":{"id":"ZsHTYIW0RhK2qwpSnyLcWA","name":"compatuser","displayName":"compatuser"},"challenge":"ua9eELjic14scu4Mw6T06UbFd4RWiHn--dOeVHohhC4","pubKeyCredParams":[{"type":"p
ublic-key","alg":-7},{"type":"public-key","alg":-35},{"type":"public-key","alg":-36},{"type":"public-key","alg":-257},{"type":"public-key","alg":-258},{"type":"public-key","alg":-259},{"type":"public-key","alg":-37},{"type":"public-key","alg":-38},{"type":"public-key","alg":-39},{"type":"public-key","alg":-8},{"type":"public-key","alg":-65535}],"timeout":60000,"attestation":"none","authenticatorSelection":{"requireResidentKey":false,"userVerification":"preferred"},"extensions":{"credentialProtectionPolicy":"userVerificationOptionalWithCredentialIDList","enforceCredentialProtectionPolicy":false,"uvm":true,"credProps":true,"minPinLength":true,"hmacCreateSecret":true}}},"rpkc":{"id":"zzAfat7De_A5H8tmYYBETnarLGQ","rawId":"zzAfat7De_A5H8tmYYBETnarLGQ","response":{"attestationObject":"o2NmbXRkbm9uZWdhdHRTdG10oGhhdXRoRGF0YViYarm78N-aFvkduzO7sTL6-dF8eCxIJsbscOzuWNl-9SpdAAAAAAAAAAAAAAAAAAAAAAAAAAAAFM8wH2rew3vwOR_LZmGARE52qyxkpQECAyYgASFYIFk0O_h065FgSNFClVWnuDS1rEbLgJrIdn_osAuTTunuIlggiGiXDlkG07eHoezsdujarVRrKp9ajkUd1H6YU658XRA","clientDataJSON":"eyJ0eXBlIjoid2ViYXV0aG4uY3JlYXRlIiwiY2hhbGxlbmdlIjoidWE5ZUVMamljMTRzY3U0TXc2VDA2VWJGZDRSV2lIbi0tZE9lVkhvaGhDNCIsIm9yaWdpbiI6Imh0dHBzOi8vd2ViYXV0aG4uZmlyc3R5ZWFyLmlkLmF1In0","transports":null},"type":"public-key","extensions":{"cred_props":{"rk":true}}}}},"authpreferred":{"Passed":{"aus":{"cred_id":"zzAfat7De_A5H8tmYYBETnarLGQ","uv":true,"extensions":{}},"rcr":{"publicKey":{"challenge":"ilNq-G-Wn1YD6adXrFy45W1wYaPm1BF17plXRq-jlTY","timeout":60000,"rpId":"webauthn.firstyear.id.au","allowCredentials":[{"type":"public-key","id":"zzAfat7De_A5H8tmYYBETnarLGQ"}],"userVerification":"preferred","extensions":{"uvm":true}}},"pkc":{"id":"zzAfat7De_A5H8tmYYBETnarLGQ","rawId":"zzAfat7De_A5H8tmYYBETnarLGQ","response":{"authenticatorData":"arm78N-aFvkduzO7sTL6-dF8eCxIJsbscOzuWNl-9SodAAAAAA","clientDataJSON":"eyJ0eXBlIjoid2ViYXV0aG4uZ2V0IiwiY2hhbGxlbmdlIjoiaWxOcS1HLVduMVlENmFkWHJGeTQ1VzF3WWFQbTFCRjE3cGxYUnEtamxUWSIsIm9yaWdpbiI6Imh0dHBzOi8vd2ViYXV0aG4
uZmlyc3R5ZWFyLmlkLmF1In0","signature":"MEYCIQCcTYFkfDhY4FMVIF4efeiwfL3t286lLD6yW1fWKE4ItAIhAK8hMq7cp_gT3KIevBL2nH4QMZNMwBWFQD8254rSn2Kt","userHandle":"ZsHTYIW0RhK2qwpSnyLcWA"},"extensions":{"appid":null,"hmac_get_secret":null},"type":"public-key"}}},"authpreferred_consistent":"Passed","uvrequired":{"Passed":{"rs":{"cred_id":"_Ccqp5WbZrLn8I8S8cxY_4Hlh2k","uv":true,"alg":"ES256","extensions":{"cred_protect":"Ignored","hmac_create_secret":"Ignored","appid":"NotRequested","cred_props":{"Unsigned":{"rk":true}}}},"ccr":{"publicKey":{"rp":{"name":"webauthn.firstyear.id.au","id":"webauthn.firstyear.id.au"},"user":{"id":"1yfqzuToTaG3ufBEVcEMhw","name":"compatuser","displayName":"compatuser"},"challenge":"2pVdbaQQx3AMAmZXfiG2f7AKXIJ25_zBLMOohTl5BrQ","pubKeyCredParams":[{"type":"public-key","alg":-7},{"type":"public-key","alg":-35},{"type":"public-key","alg":-36},{"type":"public-key","alg":-257},{"type":"public-key","alg":-258},{"type":"public-key","alg":-259},{"type":"public-key","alg":-37},{"type":"public-key","alg":-38},{"type":"public-key","alg":-39},{"type":"public-key","alg":-8},{"type":"public-key","alg":-65535}],"timeout":60000,"attestation":"none","authenticatorSelection":{"requireResidentKey":false,"userVerification":"required"},"extensions":{"credentialProtectionPolicy":"userVerificationOptionalWithCredentialIDList","enforceCredentialProtectionPolicy":false,"uvm":true,"credProps":true,"minPinLength":true,"hmacCreateSecret":true}}},"rpkc":{"id":"_Ccqp5WbZrLn8I8S8cxY_4Hlh2k","rawId":"_Ccqp5WbZrLn8I8S8cxY_4Hlh2k","response":{"attestationObject":"o2NmbXRkbm9uZWdhdHRTdG10oGhhdXRoRGF0YViYarm78N-aFvkduzO7sTL6-dF8eCxIJsbscOzuWNl-9SpdAAAAAAAAAAAAAAAAAAAAAAAAAAAAFPwnKqeVm2ay5_CPEvHMWP-B5YdppQECAyYgASFYIKHIxC_uJ6-BXxFrcSNlgfIv_H_94VCvy_uEVSV0bkgCIlggzinWhCsE7YoIjxvt2pVLgr4nVp4n2M9uUd0tpq4Cb9o","clientDataJSON":"eyJ0eXBlIjoid2ViYXV0aG4uY3JlYXRlIiwiY2hhbGxlbmdlIjoiMnBWZGJhUVF4M0FNQW1aWGZpRzJmN0FLWElKMjVfekJMTU9vaFRsNUJyUSIsIm9yaWdpbiI6Imh0dHBzOi8vd2ViYXV0aG4uZmlyc3R5ZWFyLmlkLmF1
In0","transports":null},"type":"public-key","extensions":{"cred_props":{"rk":true}}}}},"authrequired":{"Passed":{"aus":{"cred_id":"_Ccqp5WbZrLn8I8S8cxY_4Hlh2k","uv":true,"extensions":{}},"rcr":{"publicKey":{"challenge":"DszeqnyX__sWZSBISMz2YH1pb5eJ-BfVbdbLxs_KNy8","timeout":60000,"rpId":"webauthn.firstyear.id.au","allowCredentials":[{"type":"public-key","id":"_Ccqp5WbZrLn8I8S8cxY_4Hlh2k"}],"userVerification":"required","extensions":{"uvm":true}}},"pkc":{"id":"_Ccqp5WbZrLn8I8S8cxY_4Hlh2k","rawId":"_Ccqp5WbZrLn8I8S8cxY_4Hlh2k","response":{"authenticatorData":"arm78N-aFvkduzO7sTL6-dF8eCxIJsbscOzuWNl-9SodAAAAAA","clientDataJSON":"eyJ0eXBlIjoid2ViYXV0aG4uZ2V0IiwiY2hhbGxlbmdlIjoiRHN6ZXFueVhfX3NXWlNCSVNNejJZSDFwYjVlSi1CZlZiZGJMeHNfS055OCIsIm9yaWdpbiI6Imh0dHBzOi8vd2ViYXV0aG4uZmlyc3R5ZWFyLmlkLmF1In0","signature":"MEYCIQCYPV5penFbuLiam8IPODiExMTm6A2JkLWYs1esi7STlAIhAN7lWnpy3z5CjFUp4YV1yi40dg5ywowcNkx9ZXdXCaZQ","userHandle":"1yfqzuToTaG3ufBEVcEMhw"},"extensions":{"appid":null,"hmac_get_secret":null},"type":"public-key"}}},"extn_uvm_supported":"FailedPrerequisite","extn_credprotect_supported":"FailedPrerequisite","extn_hmacsecret_supported":"FailedPrerequisite"}```
Firstyear commented 1 year ago

This is expected - Apple's passkeys refuse to provide attestation and can't be used in high-assurance environments. In non-attested scenarios they will work correctly, as the remaining tests show.