Open PhilETaylor opened 2 years ago
Hi,
Thank you for reporting this issue. More and more servers become fully compliant with the Webauthn specification. This frontend library is not. For the moment, I would suggest you to use https://github.com/MasterKale/SimpleWebAuthn which is really great. I will certainly update this library, but I cannot say when.
Absolutely no worries :-) I just converted the incoming request back to base64url myself and my app is up and running again and working :) but wanted to ensure that it was logged - as others will probably get the same issue eventually.
Certainly zero pressure from me for a fix here :) Thanks for your work, saved me hours not having to reinvent the wheel.
@Spomky maybe it's an idea to link to this other library the docs of the PHP library since I just ran into this while following the instructions: https://webauthn-doc.spomky-labs.com/prerequisites/javascript.
on login recently Im getting errors about
Invalid Base 64 Url Safe character
Note the issue is intermittent because not every string encoded by this lib will result in a string with banned chars in it. The example below is a good example where each string ends in a
=
which is invalid for abase64url
This was all working well, until a few days ago when one of the web-auth libs upgraded.
On inspecting the signed request I note that the values are base64 encoded and not base64url encoded... (evidenced by appended equals signs which are invalid for
base64url
encoded)If I manually convert those from base64 to base64url then the exception is resolved and I can login again.
I think the problem might be this comment being incorrect:
// Converts an array of bytes into a Base64Url string
https://github.com/web-auth/webauthn-helper/blob/e30930982857d9b57f188878cb1a53e3e771e099/src/common.js#L36-37
According to https://developer.mozilla.org/en-US/docs/Web/API/btoa
That to me sounds like a
base64
and not abase64url
despite the comment telling me that is should return abase64url
my stack is symfony 6.1 with
Sentry.io Stack Trace for reference https://sentry.io/share/issue/e173edee1abc4c6693ef24ee8a68644e/ (click FULL once page loaded)