While working on getting around the deprecations in v4.8.0, I encountered a problem while denormalizing an AttestationResponse. The AuthenticatorResponseDenormalizer checks if the response doesn't contain a authenticatorData property at line 28. However, the responses I got have an authenticatorData property in the response. Therefore, I got an: InvalidDataException with the message Unable to create the response object.
How to reproduce
I got the following response from the browser (using simplewebauthn/browser v9.0.3) - it's from a virtual authenticator, but the response from a 'real' authenticator is the similar:
Version(s) affected
4.8.0
Description
While working on getting around the deprecations in v4.8.0, I encountered a problem while denormalizing an AttestationResponse. The
AuthenticatorResponseDenormalizer
checks if the response doesn't contain aauthenticatorData
property at line 28. However, the responses I got have anauthenticatorData
property in the response. Therefore, I got an:InvalidDataException
with the messageUnable to create the response object
.How to reproduce
I got the following response from the browser (using simplewebauthn/browser v9.0.3) - it's from a virtual authenticator, but the response from a 'real' authenticator is the similar:
Then, I try to denormalize it:
Possible Solution
I think the check
! array_key_exists('authenticatorData', $data)
should be removed.Additional Context
User agent: Chrome 122.0.6261.58 PHP: 8.3.3
I'm not using the Symfony bundle, but I have an own implementation in a Laravel-application.