rwinch / spring-security-webauthn


Consider validating server responses on the JS side #64

Open Kehrlann opened 6 days ago

Kehrlann commented 6 days ago

The JS code expects server responses to adhere to a certain format; e.g. the call to /webauthn/register/options should return certain fields. The Spring Security implementation is expected to respond with the correct format, but user implementations may be incorrect, missing a field, having an incorrect type, etc.

Currently the JS throws an error, and the message might be surprising, e.g. can't access property "replace", base64url is undefined instead of something akin to the /webauthn/register/options call should have a "user.id" property.

Following the stack trace, a user may be able to find what the problem is, but it is not trivial, as it might be the second or third line in the stack trace that shows the incriminating call site.

Responses to validate:

Kehrlann commented 6 days ago

I consider this lower priority, as the default UI is intended to be used with our default filter implementations.
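An added example of the check the issue asks for, written here and not code from the spring-security-webauthn project: it compares the JSON returned by /webauthn/register/options against a small list of required fields and reports messages of the form the issue suggests, instead of a TypeError thrown later by the base64url decoder. The field list, the base64url regex and the function names are assumptions, not the project's schema.

```javascript
// Validate the /webauthn/register/options response before any field is decoded,
// so a malformed server implementation yields a message naming the field at fault.
const BASE64URL = /^[A-Za-z0-9_-]+$/;

function isString(v) { return typeof v === "string"; }
function isBase64Url(v) { return isString(v) && BASE64URL.test(v); }

// Assumed schema: [dotted path, type check, description for the error message].
// Only the fields the registration ceremony actually consumes are listed here.
const REGISTER_OPTIONS_SCHEMA = [
  ["rp.id", isString, "a string"],
  ["rp.name", isString, "a string"],
  ["user.id", isBase64Url, "a base64url-encoded string"],
  ["user.name", isString, "a string"],
  ["user.displayName", isString, "a string"],
  ["challenge", isBase64Url, "a base64url-encoded string"],
  ["pubKeyCredParams", Array.isArray, "an array"],
];

function getPath(obj, path) {
  return path.split(".").reduce((o, k) => (o == null ? undefined : o[k]), obj);
}

// Returns human-readable problems; an empty list means the response is usable.
function validateRegisterOptions(response, endpoint = "/webauthn/register/options") {
  if (response === null || typeof response !== "object") {
    return [`the ${endpoint} call should return a JSON object`];
  }
  const problems = [];
  for (const [path, check, description] of REGISTER_OPTIONS_SCHEMA) {
    const value = getPath(response, path);
    if (value === undefined) {
      problems.push(`the ${endpoint} call should have a "${path}" property`);
    } else if (!check(value)) {
      problems.push(`the ${endpoint} call's "${path}" property should be ${description}`);
    }
  }
  // Each pubKeyCredParams entry must name a COSE algorithm as a number.
  if (Array.isArray(response.pubKeyCredParams)) {
    response.pubKeyCredParams.forEach((p, i) => {
      if (!p || p.type !== "public-key" || typeof p.alg !== "number") {
        problems.push(`the ${endpoint} call's "pubKeyCredParams[${i}]" should be {type: "public-key", alg: <number>}`);
      }
    });
  }
  return problems;
}

// Throws one descriptive error; call this before decoding any base64url field.
function assertValidRegisterOptions(response) {
  const problems = validateRegisterOptions(response);
  if (problems.length) throw new Error(problems.join("; "));
  return response;
}
```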