What extension data is in AuthenticatorAssertionResponse.authenticatorData?

w3c / webauthn

Web Authentication: An API for accessing Public Key Credentials

https://w3c.github.io/webauthn/

Other

1.18k stars 172 forks source link

What extension data is in AuthenticatorAssertionResponse.authenticatorData? #418

Closed jyasskin closed 7 years ago

jyasskin commented 7 years ago

It's documented as

This attribute contains the authenticator data returned by the authenticator. See §5.1 Authenticator data.

and that section says the extension data is "a CBOR [RFC7049] map with extension identifiers as keys, and authenticator extension inputs as values". It's odd to see inputs stored in a returned structure. Should that be "client extension outputs" instead?

If it's "authenticator extension outputs", then I'm curious where the client outputs wind up.

selfissued commented 7 years ago

Yep - that's a bug. It should be "authenticator extension outputs". I'll file a quick PR to fix this and ask @equalsJeffH to review it and merge it. Thanks for the catch!

equalsJeffH commented 7 years ago

fixed by PR #421