The nonce verses the calculated one is here:
qYkhbhAq3oeUy9Umy0cGS8xNY5bVks9EwZPv2B1HS6E=
versus: Lz33Fp8WyXCAB9t7Fk2N3J58XA9RfveYbCY1hCcTT2g=
The code contains this comment, we've reviewed the proceedure from https://www.w3.org/TR/webauthn/#android-safetynet-attestation and it looks like it should be correct, but we can't justify why this would be a problem. Any insight would be appreciated here.
We got this request which we believe is 100% valid, but it fails nonce validation.
Attestation:
The nonce verses the calculated one is here:
qYkhbhAq3oeUy9Umy0cGS8xNY5bVks9EwZPv2B1HS6E=
versus:Lz33Fp8WyXCAB9t7Fk2N3J58XA9RfveYbCY1hCcTT2g=
The code contains this comment, we've reviewed the proceedure from https://www.w3.org/TR/webauthn/#android-safetynet-attestation and it looks like it should be correct, but we can't justify why this would be a problem. Any insight would be appreciated here.