kanidm / webauthn-rs

An implementation of webauthn components for Rustlang servers
Mozilla Public License 2.0

Browser compatibility issue #347

Closed flarocca closed 11 months ago

flarocca commented 1 year ago

I am using the latest stable version of webauthn-rs:

webauthn-rs = {version = "0.4.8", features = ["danger-allow-state-serialisation", "preview-features", "resident-key-support"]}

I am getting an AttestationNotVerifiable error when finishing the passwordless registration (finish_passwordlesskey_registration).

I just ran the Compatibility test and got the json attached at the end. I was looking into using User Verification required, but the crate at the stable version does not provide that option, only the finish_passwordlesskey_registration function.

Firstyear commented 1 year ago

Well your problem here is you're using preview-features :) they aren't finished yet.

To help explain, we've polished this a lot in 0.5.0. I think the comments/docs help explain better:

https://github.com/kanidm/webauthn-rs/blob/master/webauthn-rs/src/lib.rs#L331

Because you're using passwordless here, it's likely that this is failing because you aren't providing a proper list of attestation CAs that can be used here. AttestationNotVerifiable comes from https://github.com/kanidm/webauthn-rs/blob/master/webauthn-rs-core/src/core.rs#L592

So you need to either use passkeys only, or you need to define and create an attestation CA list. We are still working on the Attestation CA list format and improvements to it, so if you want this, you should use 0.5.0-dev from git master.

Hope that helps,

flarocca commented 1 year ago

Hey! Thanks for replying! I just created the issue cause I saw the option in the docs.

I am still unfamiliar with the protocol (going deep into the specification and your videos), so I couldn't find a way to provide a valid Attestation Object. I passed AttestationListCA.use_all_known() when calling start registration, but it seems that whatever the WebAuthN API on the browser is returning is not in the list.

I ended up using webauthn-core directly, which allowed me to provide a None attestation list while still having the option to use UserVerification enabled. BTW, I've got the same error via the Demo site, that's why I raised the ticket.

I am doing research since we (my team) are looking into Passwordless authentication for our production Identity Provider (that's why I targeted version 0.4.8 instead of 0.5).

Thanks.

Firstyear commented 1 year ago

That's because we haven't made public a way to create that attestation object - and really, you only need attestation if you need to strictly control precise models of devices that are being used by people.

If you need to do that, try out 0.5.0-dev, because we have ways to do it there.

If you don't need attestation (ie None), then you only need passkey. In 0.5.0 we enforce it to be uv=required because of security issues in safari/chrome.

So you might just benefit from early testing of 0.5.0-dev :)
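The `uv` value discussed in the comment above is bit 2 of the flags byte in the WebAuthn authenticator data. As an added example (not part of the thread and not webauthn-rs code), this sketch parses the fixed authenticator data header and applies a user-verification policy; the type and function names are hypothetical and the sample bytes are constructed.

```rust
// Added example (not webauthn-rs code): check the UP/UV flags in WebAuthn
// authenticator data. Layout: rpIdHash (32) | flags (1) | signCount (4, BE) | ...
const UP: u8 = 0x01; // bit 0: user present
const UV: u8 = 0x04; // bit 2: user verified
const AT: u8 = 0x40; // bit 6: attested credential data follows the header
const HEADER_LEN: usize = 37;

#[derive(Debug, PartialEq)]
pub struct AuthDataHeader {
    pub user_present: bool,
    pub user_verified: bool,
    pub has_attested_cred_data: bool,
    pub sign_count: u32,
}

#[derive(Debug, PartialEq, Clone, Copy)]
pub enum UvPolicy { Discouraged, Preferred, Required }

#[derive(Debug, PartialEq)]
pub enum AuthDataError { TooShort(usize), RpIdHashMismatch, UserNotPresent, UserNotVerified }

/// Parse the fixed header and apply the relying party's UV policy.
/// `expected_rp_id_hash` is SHA-256(rp_id), computed by the caller.
pub fn check_auth_data(
    data: &[u8],
    expected_rp_id_hash: &[u8; 32],
    policy: UvPolicy,
) -> Result<AuthDataHeader, AuthDataError> {
    if data.len() < HEADER_LEN {
        return Err(AuthDataError::TooShort(data.len()));
    }
    if data[..32] != expected_rp_id_hash[..] {
        return Err(AuthDataError::RpIdHashMismatch);
    }
    let flags = data[32];
    let hdr = AuthDataHeader {
        user_present: flags & UP != 0,
        user_verified: flags & UV != 0,
        has_attested_cred_data: flags & AT != 0,
        sign_count: u32::from_be_bytes([data[33], data[34], data[35], data[36]]),
    };
    if !hdr.user_present {
        return Err(AuthDataError::UserNotPresent);
    }
    // Discouraged and Preferred accept either UV value; only Required rejects.
    if policy == UvPolicy::Required && !hdr.user_verified {
        return Err(AuthDataError::UserNotVerified);
    }
    Ok(hdr)
}

/// Constructed sample: placeholder rpIdHash of 0xAA bytes, given flags and counter.
pub fn sample_auth_data(flags: u8, counter: u32) -> Vec<u8> {
    let mut v = vec![0xAA; 32];
    v.push(flags);
    v.extend_from_slice(&counter.to_be_bytes());
    v
}

fn main() {
    let rp_hash = [0xAAu8; 32];
    for flags in [0x01u8, 0x05, 0x45, 0x00] {
        let data = sample_auth_data(flags, 7);
        let result = check_auth_data(&data, &rp_hash, UvPolicy::Required);
        println!("flags=0x{:02x} -> {:?}", flags, result);
    }
}
```

A response with flags `0x01` (user present only) passes under a discouraged or preferred policy and is rejected once the policy is required.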

Firstyear commented 1 year ago

Regardless, I'm happy to help out to resolve the problems you're hitting, the webauthn-rs api should work for you and your use case - reaching for webauthn-rs-core seems like the wrong step here unless you have some really specific/niche requirements.

flarocca commented 1 year ago

I see your point! I just used webauthn-core cause I was more flexible! I'll give it a try to 0.5.0-dev!! You guys will have another beta tester!

BTW, if there is a way I can contribute, just let me know.

Firstyear commented 1 year ago

Honestly your feedback on 0.5.0-dev would be amazing. Currently we are working to actually release it soon, I'm trying to finalise the fido MDS parsing an attestation now. Thanks for offering to help!

Firstyear commented 11 months ago

Closing for now, if you have more feedback @flarocca please let us know!