FIX Remove padding to work with web-auth/webauthn-lib 4.1.0+

silverstripe / silverstripe-webauthn-authenticator

A Web Authentication (WebAuthn) authenticator for silverstripe/silverstripe-mfa

BSD 3-Clause "New" or "Revised" License

4 stars 3 forks source link

FIX Remove padding to work with web-auth/webauthn-lib 4.1.0+ #128

Closed emteknetnz closed 1 year ago

emteknetnz commented 1 year ago

Issue https://github.com/silverstripe/silverstripe-webauthn-authenticator/issues/124

Note re the colors update in yarn.lock that I think happened when I did yarn install - 1.4.0 is the secure version - https://snyk.io/blog/open-source-npm-packages-colors-faker/

GuySartorelli commented 1 year ago

Is an = at the end always padding? And is there only ever one?

emteknetnz commented 1 year ago

I think I saw it with both 1 and 2 padding.

Yes = is padding - https://www.w3.org/TR/webauthn-2/#sctn-dependencies

Base64url encoding The term Base64url Encoding refers to the base64 encoding using the URL- and filename-safe character set defined in Section 5 of [[RFC4648]](https://www.w3.org/TR/webauthn-2/#biblio-rfc4648), with all trailing '=' characters omitted (as permitted by Section 3.2) and without the inclusion of any line breaks, whitespace, or other additional characters.