tweag / webauthn

A library for parsing and validating webauthn/fido2 credentials
Apache License 2.0

Clean up decoding #15

Closed infinisil closed 2 years ago

infinisil commented 3 years ago

Currently the decoding of webauthn replies by the client is all done through https://github.com/github/webauthn-json, in https://github.com/tweag/haskell-fido2/blob/master/fido/Crypto/Fido2/Protocol.hs#L355-L366. The specific JSON format is notably dependent on the JavaScript library used, see #13.

We should clean this up by:

lykahb commented 3 years ago

Yeah, there is no standard schema for the payload. The result of navigator.credentials.{create,get} is not directly serializable into JSON because it has arrays with binary data.

The haskell library webauthn encodes the whole payload into CBOR, which forced the client-side code to include a CBOR library. Perhaps that was caused by misreading how the spec suggests using CBOR.

For the format let's pick a format that is easy to create in the browsers. There is native support for base64 encoding with atob/btoa.
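The approach suggested in the comment above, sketched as an added example that is not part of the thread or of the library's code: the `ArrayBuffer` fields of a `navigator.credentials.create()` result are turned into strings with the native `btoa` before `JSON.stringify`. The JSON layout, the helper names and the sample credential are assumptions constructed for illustration; the URL-safe base64url variant is used because WebAuthn itself uses it for the credential `id` and the challenge.

```javascript
// Added example. The JSON layout and helper names are assumptions, not the library's schema.

// Bytes -> unpadded base64url (RFC 4648 section 5), built on the native btoa.
function toBase64url(buffer) {
  let binary = "";
  for (const b of new Uint8Array(buffer)) binary += String.fromCharCode(b);
  return btoa(binary).replace(/\+/g, "-").replace(/\//g, "_").replace(/=+$/, "");
}

// Unpadded base64url -> bytes. atob alone tolerates whitespace and padding, so
// the alphabet and length are checked first and anything else is rejected.
function fromBase64url(text) {
  if (typeof text !== "string" || !/^[A-Za-z0-9_-]*$/.test(text) || text.length % 4 === 1) {
    throw new TypeError("not unpadded base64url");
  }
  const pad = "=".repeat((4 - (text.length % 4)) % 4);
  const binary = atob(text.replace(/-/g, "+").replace(/_/g, "/") + pad);
  return Uint8Array.from(binary, (c) => c.charCodeAt(0));
}

// Copy the ArrayBuffer fields of a registration result into JSON-safe strings.
function encodeCredential(cred) {
  return {
    id: cred.id,
    type: cred.type,
    rawId: toBase64url(cred.rawId),
    response: {
      clientDataJSON: toBase64url(cred.response.clientDataJSON),
      attestationObject: toBase64url(cred.response.attestationObject),
    },
  };
}

// Constructed stand-in for the object navigator.credentials.create() resolves to.
function sampleCredential() {
  const ascii = (s) => Uint8Array.from(s, (ch) => ch.charCodeAt(0)).buffer;
  const rawId = Uint8Array.from([0xfb, 0xff, 0x3e, 0x00, 0x01]).buffer;
  const clientDataJSON = ascii(
    '{"type":"webauthn.create","challenge":"Y29uc3RydWN0ZWQ","origin":"https://example.test"}'
  );
  const attestationObject = Uint8Array.from([0xa0]).buffer; // placeholder: empty CBOR map
  return { id: toBase64url(rawId), type: "public-key", rawId, response: { clientDataJSON, attestationObject } };
}

const cred = sampleCredential();
console.log(JSON.stringify({ rawId: cred.rawId }));  // binary field is lost
console.log(JSON.stringify(encodeCredential(cred))); // binary fields survive as strings
```

The server side has to apply the same strictness when decoding, otherwise the two ends can disagree about which strings are valid credentials.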

infinisil commented 2 years ago

This has been done with https://github.com/tweag/haskell-fido2/pull/32, see https://github.com/tweag/haskell-fido2/blob/master/fido/Crypto/Fido2/Model/JavaScript/Decoding.hs for the main decoding code