koesie10 / webauthn Goto Github PK

#koesie10/webauthn-demo:1

When I was trying to register with Windows Hello, I got the following error:

then I added these code:

{
	Type:      protocol.PublicKeyCredentialTypePublicKey,
	Algorithm: protocol.RS256,
},

in PubKeyCredParams:

Then the error disappeared, but I got an error while finishing the registration (running WebAuthn.ParseAndFinishRegistration()) at line 132:

the a.Fmt was none.

When I added the code after line 131, in the if statement:

fmt.Println(a)

I got:

{none {[73 150 13 229 136 14 140 104 116 52 23 15 100 118 96 91 143 228 174 185 162 134 50 199 153 92 243 186 131 29 151 99] 69 0 {[8 152 112 88 202 220 75 129 182 225 48 222 80 220 190 150] [128 130 138 131 9 189 56 216 26 246 190 158 248 45 191 164 84 166 213 131 62 181 18 46 113 12 28 137 121 0 109 91] 0xc000591f20} [73 150 13 229 136 14 140 104 116 52 23 15 100 118 96 91 143 228 174 185 162 134 50 199 153 92 243 186 131 29 151 99 69 0 0 0 0 8 152 112 88 202 220 75 129 182 225 48 222 80 220 190 150 0 32 128 130 138 131 9 189 56 216 26 246 190 158 248 45 191 164 84 166 213 131 62 181 18 46 113 12 28 137 121 0 109 91 165 1 2 3 38 32 1 33 88 32 217 145 48 116 108 253 35 25 94 92 211 105 11 171 14 210 166 187 234 244 11 98 139 121 164 113 221 85 67 162 231 185 34 88 32 247 33 217 249 92 143 250 186 2 86 77 210 126 150 173 2 255 141 59 201 39 82 166 104 190 125 179 18 199 101 148 97]} map[]}

Chrome 121.0.6167.86.

Update: Same problem on Firefox 116.0.3 (64 bit)

I have a question about the definition of id in GetAuthenticator (

Should this not state WebAuthCredentialID is the reference ID ? Since (I assume) Authenticator.WebAuthID is inherently the same as User.WebAuthID and thus by definition using WebAuthID be expected to return multiple authenticators (i.e. behavior of GetAuthenticators(user User) and the only way to retrieve one authenticator would be using WebAuthCredentialID.

Hi,

This issue was previously submitted on webauthn-demo repo. i think it is more relevant to be issued here

When trying this demo via touch id on macbook, I got this error:

Failed to register: Error: Bad Request

Debugging on registration.go: line 128 showing:

unsupported format self attestation

I believe it requires packed + self (surrogate) attestation for this. There's article for the implementation by Ackermann Yuriy here

what's missing?

Hi! Thanks for making github.com/koesie10/webauthn.

Currently, the only reason to depend on gopkg.in/square/go-jose.v2 is to support Android SafetyNet Attestation Statements. Since some folks don't care about attestation, would you be open to moving the code for attestation formats (attestation_android_safetynet.go, attestation_fido.go, and attestation_packed.go) to a separate package? People who want attestation support could import this package from package main with a blank identifier (similar to how SQL drivers are registered). Then the people who don't want attestation wouldn't need dependencies like gopkg.in/square/go-jose.v2.