search

web-auth / webauthn-framework

FIDO-U2F / FIDO2 / Webauthn Framework
MIT License
403 stars 53 forks source link

There is no attested credential data #639

Closed Nevercold closed 1 month ago

Nevercold commented 1 month ago

Hello,

I am in the process of upgrading from 4.7.0 to 5.0.0.

However, I have the problem during authentication that the error “There is no attested credential data.” appears. I use “SimpleWebAuthn” in the frontend

I have (think) packed everything important together: https://gist.github.com/Nevercold/0b9f406f167058a1a702bc72b5437a3f

{
   "options":{
      "challenge":"ZTFlODg2YTIwNGU3M2EyNjJkOTVkN2RlNGVlMzFmMzNhNWUxNzcwZDYyNmJkZmIxMGVlYzVjMjZkYTg2MGI0Mg",
      "timeout":60000,
      "rpId":"",
      "allowCredentials":[
         {
            "type":"public-key",
            "id":"2pZ3pRdqR-WUMlGkeWKHxg",
            "transports":[
               "internal"
            ]
         },
         {
            "type":"public-key",
            "id":"IPGRLjAstipHgdZBjQ1d9T8JJniqV6HQHia1fKSFWzQ",
            "transports":[
               "internal"
            ]
         }
      ],
      "userVerification":"discouraged"
   },
   "token":""
}
{
   "sessionCode":"8b679c0177de27085bedabf392740773bff86969eff5499bcae0d5ebe769",
   "token":"",
   "id":"2pZ3pRdqR-WUMlGkeWKHxg",
   "rawId":"2pZ3pRdqR-WUMlGkeWKHxg",
   "response":{
      "authenticatorData":"-yztDV5bIqcVyFeDUMhaA_jAOKtlru8WNKXc5gzuHgcZAAAAAA",
      "clientDataJSON":"eyJ0eXBlIjoid2ViYXV0aG4uZ2V0IiwiY2hhbGxlbmdlIjoiTlRjeE16a3haVGRoWkdOa1pEUm1ZbVkwTlRrNFpHSTNZekUyTnpobVpHSmtORFV3TkRNNFpqVXlabVV6WW1GbE9XSTFOekEyWmpVME5ERTRNekJtT0EiLCJvcmlnaW4iOiJodHRwczovL2htY3N3NDItZnJvbnRlbmQucHVoZ3JvdXAuZGUiLCJjcm9zc09yaWdpbiI6ZmFsc2V9",
      "signature":"MEUCIQDeeVeBMTbe2nb-C5N4IWww6vkFC5obFi5b2uFpMoOofQIgO4bmvdpYLzAxcI1A9DhDez4dwLQ1uKrXzzhGi_DqXko",
      "userHandle":"MDc4ZmMyODEtNGRkNy0xMWVmLThiOWUtZGU3MzdiZDI1NTIw"
   },
   "type":"public-key",
   "clientExtensionResults":{

   },
   "authenticatorAttachment":"platform"
}

don't know what I'm doing wrong. Thanks!

rdpascua commented 1 month ago

I encountered the same issue instead of using creationCeremony i used creationCeremony. not sure if this solves your issue

Spomky commented 1 month ago

Hi,

The options you shared seems to be for the assertion ceremony e.i. you try to authenticate a user . During this ceremony, there is no attested credential data. This object is only available during the creation ceremony (e.i. the registration of the authenticator.

See https://www.w3.org/TR/webauthn-2/#sctn-attested-credential-data

Attested credential data is a variable-length byte array added to the authenticator data when generating an attestation object for a given credential. Its format is shown in Table .

See also this conversation to understand why it is not present during the assertion ceremony.

Nevercold commented 1 month ago

Everything is clear. But what am I doing wrong in my code? The specified error occurs during the check. In the documentation is the same function that I call.

Nevercold commented 1 month ago

@Spomky?

Nevercold commented 1 month ago

I encountered the same issue instead of using creationCeremony i used creationCeremony. not sure if this solves your issue

Did you make a mistake? They are the same classes you wrote there @rdpascua

s0me0ther commented 1 month ago

creationCeremony

He meant requestCeremony instead of creationCeremony, which also solves my problem with this issue

Nevercold commented 1 month ago

creationCeremony

He meant requestCeremony instead of creationCeremony, which also solves my problem with this issue

has solved the problem. thank you

github-actions[bot] commented 3 days ago

This thread has been automatically locked since there has not been any recent activity after it was closed. Please open a new issue for related bugs.