Closed infinisil closed 2 years ago
Yeah, there is no standard schema for the payload. The result of navigator.credentials.{create,get} is not directly serializable into JSON because it has arrays with binary data.
The Haskell library webauthn encodes the whole payload into CBOR, which forced the client-side code to include a CBOR library. Perhaps that was caused by misreading how the spec suggests using CBOR.
For the format let's pick a format that is easy to create in the browsers. There is native support for base64 encoding with atob/btoa.
This has been done with https://github.com/tweag/haskell-fido2/pull/32; see https://github.com/tweag/haskell-fido2/blob/master/fido/Crypto/Fido2/Model/JavaScript/Decoding.hs for the main decoding code.
Currently the decoding of webauthn replies by the client is all done through https://github.com/github/webauthn-json, in https://github.com/tweag/haskell-fido2/blob/master/fido/Crypto/Fido2/Protocol.hs#L355-L366. The specific JSON format is notably dependent on the JavaScript library used, see #13.
We should clean this up by:
navigator.credentials.{create,get}
.webauthn-json
-specific function for turning its JSON-encoding into such a data type
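As an added example (not code from haskell-fido2 or webauthn-json), this is one way to turn a navigator.credentials.create result into the base64-based JSON discussed in this thread, together with a strict decoder for the receiving side. The function names and the sample bytes are assumptions; the field names are those of the WebAuthn PublicKeyCredential.

```javascript
// Added example; helper names and sample bytes are hypothetical.
function bufferToBase64(buf) {
  let binary = "";
  for (const b of new Uint8Array(buf)) binary += String.fromCharCode(b);
  return btoa(binary);
}

function base64ToBuffer(b64) {
  if (typeof b64 !== "string") throw new TypeError("expected base64 string");
  const bytes = Uint8Array.from(atob(b64), (c) => c.charCodeAt(0)); // atob throws on bad characters
  // atob tolerates whitespace and missing padding; accept only the canonical form.
  if (bufferToBase64(bytes.buffer) !== b64) throw new TypeError("non-canonical base64");
  return bytes.buffer;
}

// Browser side. The credential's attributes are accessors on the prototype,
// so they are read explicitly here rather than enumerated.
function encodeAttestation(cred) {
  return {
    id: cred.id,
    type: cred.type,
    rawId: bufferToBase64(cred.rawId),
    response: {
      clientDataJSON: bufferToBase64(cred.response.clientDataJSON),
      attestationObject: bufferToBase64(cred.response.attestationObject),
    },
  };
}

// Receiving side: parse into a fixed shape and reject anything malformed.
function decodeAttestation(json) {
  const msg = JSON.parse(json);
  if (msg === null || typeof msg !== "object") throw new TypeError("expected object");
  if (msg.type !== "public-key") throw new TypeError("unexpected credential type");
  if (typeof msg.id !== "string") throw new TypeError("id must be a string");
  const r = msg.response;
  if (r === null || typeof r !== "object") throw new TypeError("missing response");
  return {
    id: msg.id, type: msg.type, rawId: base64ToBuffer(msg.rawId),
    response: { clientDataJSON: base64ToBuffer(r.clientDataJSON),
                attestationObject: base64ToBuffer(r.attestationObject) },
  };
}

const sampleCredential = { // constructed, not a real authenticator response
  id: "AP8QgA", type: "public-key",
  rawId: Uint8Array.of(0x00, 0xff, 0x10, 0x80).buffer,
  response: { clientDataJSON: Uint8Array.of(0x7b, 0x7d).buffer,  // "{}"
              attestationObject: Uint8Array.of(0xa0).buffer },   // CBOR empty map
};
```

The decoder only checks the shape and encoding of the message; verifying the attestation itself is a separate step.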