web-auth / webauthn-framework

FIDO-U2F / FIDO2 / Webauthn Framework
MIT License

Webauthn\CollectedClientData::createFormJson not working #510

Closed hulvat closed 8 months ago

hulvat commented 11 months ago

Version(s) affected

4.7

Description

Hi, I got the error "could not load data" when I called the method

$publicKeyCredentialLoader->load($data);

I found that the method

createFormJson in Webauthn\CollectedClientData calls this code on line 91: $rawData = Base64UrlSafe::decodeNoPadding($data);

but when I changed it to $rawData = base64_decode($data);

everything works OK.

How to reproduce

Just send this base64-encoded string to the method createFormJson and it will throw an error

eyJ0eXBlIjoid2ViYXV0aG4uY3JlYXRlIiwiY2hhbGxlbmdlIjoiWVdFIiwib3JpZ2luIjoiaHR0cDovL2xvY2FsaG9zdDozMDAwIiwiY3Jvc3NPcmlnaW4iOmZhbHNlfQ==

despite the fact that this string is a valid base64-encoded string

Possible Solution

Change $rawData = Base64UrlSafe::decodeNoPadding($data); to $rawData = base64_decode($data);

Additional Context

No response

Spomky commented 11 months ago

Hi @hulvat,

The expected encoding is Base64Url without padding, not base64. This was changed in the previous minor release to conform to the Webauthn specifications. This behavior will not be changed because it will call into question the library's compliance.

What tool do you use to send the data? If you use SimpleWebauthn, the data should be encoded correctly and the error will not occur.
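Added example (not part of the thread, and not code from webauthn-framework or SimpleWebauthn): a client-side sketch of the encoding the reply above describes, with a strict decoder that rejects the padded string from the report and accepts its Base64Url form. All helper names are hypothetical, and the decoder only mirrors the behaviour described in this issue.

```javascript
// Added example; helper names are hypothetical, not the library's API.

// Encode bytes (e.g. response.clientDataJSON) as Base64Url without padding.
function toBase64UrlNoPad(bytes) {
  let bin = "";
  for (const b of bytes) bin += String.fromCharCode(b);
  return btoa(bin).replace(/\+/g, "-").replace(/\//g, "_").replace(/=+$/, "");
}

// Strict decode: refuses "=", "+" and "/" instead of silently accepting them.
function fromBase64UrlNoPad(text) {
  if (!/^[A-Za-z0-9_-]*$/.test(text) || text.length % 4 === 1) {
    throw new Error("input is not Base64Url without padding");
  }
  const b64 = text.replace(/-/g, "+").replace(/_/g, "/");
  const bin = atob(b64 + "=".repeat((4 - (b64.length % 4)) % 4));
  return Uint8Array.from(bin, (c) => c.charCodeAt(0));
}

// Convert a standard base64 value to the expected form before sending it.
function base64ToBase64Url(b64) {
  return b64.replace(/\+/g, "-").replace(/\//g, "_").replace(/=+$/, "");
}

// Decode and parse a clientDataJSON value given in the expected encoding.
function decodeClientData(text) {
  return JSON.parse(new TextDecoder().decode(fromBase64UrlNoPad(text)));
}

// The string from the report above: standard base64, padded with "==".
const REPORTED =
  "eyJ0eXBlIjoid2ViYXV0aG4uY3JlYXRlIiwiY2hhbGxlbmdlIjoiWVdFIiwib3JpZ2luIjoi" +
  "aHR0cDovL2xvY2FsaG9zdDozMDAwIiwiY3Jvc3NPcmlnaW4iOmZhbHNlfQ==";

// Shows the padded input being rejected and the re-encoded input parsing.
function demo() {
  let rejected = false;
  try {
    decodeClientData(REPORTED);
  } catch (e) {
    rejected = true;
  }
  const fixed = base64ToBase64Url(REPORTED);
  return { rejected, fixed, clientData: decodeClientData(fixed) };
}

console.log(demo());
```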

github-actions[bot] commented 7 months ago

This thread has been automatically locked since there has not been any recent activity after it was closed. Please open a new issue for related bugs.