search

passwordless-id / webauthn

Webauthn / passkeys helper library to make your life easier. Client side, server side and demo included.
https://webauthn.passwordless.id
MIT License
436 stars 51 forks source link

V2: authenticate() function doesn't handle string credentialIds #65

Closed hjaber closed 1 month ago

hjaber commented 1 month ago

The authenticate() function in the client library assumes that the allowCredentials array contains objects with an id property. However, when passing an array of credential ID strings directly, the function throws a TypeError.

   import { client } from '@passwordless-id/webauthn'
   // Call the `authenticate()` function with an array of credential ID strings:
   const authentication = await client.authenticate({
     challenge: "server-generated-challenge",
     allowCredentials: ["credentialId1", "credentialId2"],
     timeout: 60000
   })

Results in TypeError: "Cannot read properties of undefined (reading 'replaceAll')"

src/client.ts authenticate() diff

- id: utils.parseBase64url(id),
+ id: utils.parseBase64url(cred.id)
interface CredentialDescriptor {
    id: Base64URLString;
    transports?: AuthenticatorTransport[];
}
dagnelies commented 1 month ago

should be fixed in 2.0.2

hjaber commented 1 month ago

Fixed in 2.0.2, thank you!