Comments (8)
Hello @Nevercold,
🤔 Honestly, I do not see any reason to have such weird values.
The library just receives the list of transports and uses it as is, without modification of any kind.
I suspect a bad encoding or a modification in the way the data is fetched or saved in the DB.
Could you please share the following information?
- The raw PublicKeyCredentialSource field from your DB
- The way/library you use for saving and fetching the data
In addition, when you downgrade to the version 4.6.x, is it working as expected?
Is there any difference between existing data and new authenticators since v4.7.x?
Many thanks.
Regards.
from webauthn-framework.
Hey!
Here is a stored PublicKeyCredentialSource:

    {
        "publicKeyCredentialId": "...",
        "type": "public-key",
        "transports": [
            "nfc",
            "usY"
        ],
        "attestationType": "basic",
        "trustPath": {
            "type": "Webauthn\\TrustPath\\CertificateTrustPath",
            "x5c": [...]
        },
        "aaguid": "2fc0579f-8113-47ea-b116-bb5a8db9202a",
        "credentialPublicKey": "...",
        "userHandle": "OGNhM2ExOTYtY2UxMy0xMWVkLThiNTctZGU3MzdiZDI1NTIw",
        "counter": 2,
        "otherUI": null
    }

I store the data simply via PHP-PDO and write them directly to the database. (collation utf8mb4_general_ci)

    $publicKeyCredentialSource = self::authenticatorAttestationResponseValidator()
        ->enableMetadataStatementSupport(
            new MetadataStatementRepository(),
            new StatusReportRepository(),
            new PhpCertificateChainValidator(new Client(), Fido2::Psr17Factory())
        )
        ->check(
            $authenticatorAttestationResponse,
            PublicKeyCredentialCreationOptions::createFromArray($publicKeyCredentialCreationOptions),
            $serverRequest
        );
    $publicKeyCredentialSource->jsonSerialize(); // <-- this saved to database

I just downgraded again to the 4.6.3, and there the output is also with "Y" (usY).
However, the keys were also created in this version. The same is on the 4.7.3.
The problem with the type error also only occurs on Apple devices, on all others this is not a problem, so I probably did not notice it directly when testing.
from webauthn-framework.
😬 $publicKeyCredentialSource->jsonSerialize() <-- this saved to database
I think the error comes from this line. As I mentioned in another issue, jsonSerialize is not supposed to be called directly, but used by json_encode.
It should be json_encode($publicKeyCredentialSource) instead, with optional flags if needed (in general, I had at least JSON_THROW_ON_ERROR).
from webauthn-framework.
Same problem, json_encode($publicKeyCredentialSource) just added.
I also had it with json_encode at that time, but had changed it during the upgrade (for whatever reason).

    {
        "publicKeyCredentialId": "...",
        "type": "public-key",
        "transports": [
            "nfc",
            "usY"
        ],
        "attestationType": "basic",
        "trustPath": {
            "type": "Webauthn\\TrustPath\\CertificateTrustPath",
            "x5c": [
                "-----BEGIN CERTIFICATE-----....-----END CERTIFICATE-----\n"
            ]
        },
        "aaguid": "2fc0579f-8113-47ea-b116-bb5a8db9202a",
        "credentialPublicKey": "...",
        "userHandle": "OGNhM2ExOTYtY2UxMy0xMWVkLThiNTctZGU3MzdiZDI1NTIw",
        "counter": 1,
        "otherUI": null
    }

from webauthn-framework.
Many thanks. That is really a strange behaviour. The library does nothing with the list and the DB operations look good.
So it may come from the data received from the client.
Could you please share the options generated by the library and the authentication response as JSON objects?
I would like to make sure there is no decoding issue (maybe CBOR decoding).
Do you use MasterKale/SimpleWebAuthn directly or the stimulus controller from this project?
from webauthn-framework.
I have found the problem, it has nothing to do with this library.
I had an old function to fix the base64 padding,
that was switched in before the response was processed, and that's what caused the error.
I have now removed it and the problem is solved.
Sorry for the trouble, and thanks for the help.
from webauthn-framework.
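Added example, not code from this thread or from the library: the reporter's padding helper is not shown, so `fixBase64Padding`, `preprocess` and `unknownTransports` below are hypothetical names. It assumes the helper decoded and re-encoded every string in the response, which is one way a base64 "fix" turns the transport `usb` into the stored `usY` while leaving `nfc` intact, and it adds an audit check for stored transport lists.

```php
<?php
declare(strict_types=1);

// Hypothetical padding "fixer" (the real helper is not shown in the thread):
// it decodes and re-encodes whatever string it is handed.
function fixBase64Padding(string $value): string
{
    // Non-strict base64_decode() accepts input without '=' padding.
    $bytes = base64_decode(strtr($value, '-_', '+/'));
    return rtrim(strtr(base64_encode($bytes), '+/', '-_'), '=');
}

// Hypothetical pre-processing step: runs the fixer over every string field.
function preprocess(array $response): array
{
    array_walk_recursive($response, static function (&$value): void {
        if (is_string($value)) {
            $value = fixBase64Padding($value);
        }
    });
    return $response;
}

// Transport values defined by the WebAuthn specification.
const KNOWN_TRANSPORTS = ['usb', 'nfc', 'ble', 'internal', 'hybrid', 'smart-card'];

// Audit helper: returns the stored transports that match no known value.
function unknownTransports(array $transports): array
{
    return array_values(array_diff($transports, KNOWN_TRANSPORTS));
}

// Constructed sample holding only the field relevant to this thread.
$response = ['response' => ['transports' => ['nfc', 'usb']]];
$mangled = preprocess($response);

// "usb" carries 18 bits but only 16 fit into whole bytes, so the low two bits
// of 'b' (011011) are discarded and the re-encoded sextet is 011000.
// "nfc" is unaffected because 'c' (011100) already ends in two zero bits.
var_dump($mangled['response']['transports']);
var_dump(unknownTransports($mangled['response']['transports']));
```

Restricting any base64url handling to the fields that are actually base64url-encoded (such as the credential id and the attestation object) keeps plain-text members like `transports` out of its reach.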
Hi,
No problem. I am happy to read that this issue is resolved.
from webauthn-framework.
This thread has been automatically locked since there has not been any recent activity after it was closed. Please open a new issue for related bugs.
from webauthn-framework.