From 7cb1d92b158b07f6626ec7c886db1a2c3f5dc784 Mon Sep 17 00:00:00 2001 From: Dusan Jakub Date: Mon, 16 Oct 2023 11:44:05 +0200 Subject: [PATCH] passwordless: labels and better deserializing of authData --- .../OAuthResource/loginPasswordless.html | 15 ++++++++++----- 1 file changed, 10 insertions(+), 5 deletions(-) diff --git a/src/main/resources/templates/OAuthResource/loginPasswordless.html b/src/main/resources/templates/OAuthResource/loginPasswordless.html index d9fd3b5..4dee6c2 100644 --- a/src/main/resources/templates/OAuthResource/loginPasswordless.html +++ b/src/main/resources/templates/OAuthResource/loginPasswordless.html @@ -111,7 +111,7 @@ requireResidentKey: A resident (private) key, is a key that cannot leave your authenticator device, this means that you cannot reuse the authenticator to log into a second computer. Here, it is not required.

- userVerification: User verification is the technical process by which an authenticator locally authorizes the invocation of the authenticatorMakeCredential and authenticatorGetAssertion operations. User verification MAY be instigated through various authorization gesture modalities; for example, through a touch plus pin code, password entry, or biometric recognition (e.g., presenting a fingerprint). It can be "required", "preferred" or "discouraged". + userVerification: User verification is the technical process by which the user locally authorizes themselves. User verification typically involve a touch plus pin code, password entry, or biometric (face, fingerprint, ...). User verification check is stronger than a mere user presence, in which the user just confirms the operation, e.g. by pressing a simple button.

  • @@ -236,7 +236,7 @@

  • attestationObject

    - This is a base64 encoded binary representation of an attestation statement. The attestation statement is produced by the authenticator to prove to the relying party (e.g., a website) that a new public key credential has been created in the authenticator. It typically contains details about the authenticator, a freshly generated public key for the user, some metadata, and a signature from the authenticator. It is CBOR encoded. + This is a base64 encoded binary representation of an attestation statement. The attestation statement is produced by the authenticator to prove to the relying party (e.g., a website) that a new public key credential has been created in the authenticator. It is CBOR encoded.

    The authData is binary encoded and contain the actual public key, but also more flags and info about the authentication:

    @@ -345,7 +345,7 @@

  • authenticatorData

    - This contains information about the authentication event. It typically includes the hash of the clientDataJSON, a sign count (to protect against clone attacks), and other data relevant to the authentication process. + This contains information about the authentication event.

    It is binary encoded and this time does not contain the public key:

    @@ -560,9 +560,14 @@ $("#navigator-attestation-body").html(JSON.stringify(response, null, 2)); $("#navigator-attestation-clientDataJSON").html(JSON.stringify(JSON.parse(tryDecodeBase64(response.response.clientDataJSON)), null, 2)); let attestationObject = CBOR.decode(WebAuthn.base64ToBuffer(response.response.attestationObject)); - let authData = parseAuthenticatorData(attestationObject.authData); + let authDataRaw = attestationObject['authData']; + + if (authDataRaw) { + let authData = parseAuthenticatorData(authDataRaw); + $("#navigator-authData").html(JSON.stringify(authData, null, 2)); + attestationObject['authData'] = WebAuthn.bufferToBase64(authDataRaw) + } $("#navigator-attestationObject").html(JSON.stringify(attestationObject, null, 2)); - $("#navigator-authData").html(JSON.stringify(authData, null, 2)); return continueButton("#navigator-attestation", response); }