Closed wparad closed 4 months ago
Okay, the issue here was that in some cases android might encode things in an inconsistent way regarding the clientDataJSON
object, but this had to be resolved before passing the data into the library. That means the caller has to be extra careful to not muck with the inputs into this library.
This happens for multiple yubikeys and the Brave browser authenticator. All of them work through the Brave browser, but when using the cross-platform authenticators on mobile browser irrelevant all of them get invalid signatures.
Calling
await fido2lib.assertionResult(res, assertionExpectations)
:res:
AssertionExpectations:
I'm using a Pixel 8, is it the source of the problem, would seem really suspicious if it were, these same hardware devices (yubikeys through the pixel work fine) Is it possible there is a weird other flow is that is causing a problem?