-
-
Notifications
You must be signed in to change notification settings - Fork 121
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Error in verifyAttestationResponse when using apple format and FaceID/TouchID sometimes not showing up #61
Comments
At first blush, |
Hmm, I'm having trouble reproducing this on my end. I duplicated your exact attestation options via the example server I provide in this monorepo with server@0.10.1, but everything is working as expected. Safari prompted for Face ID on the first registration attempt, and the attestation verified correctly: On a lark I tried downgrading to server@0.10.0 and it errored out as expected (this is what prompted the release of v0.10.1): There's one more thing I can try... |
I have no idea what's going on. I tried installing v0.10.0, confirmed it was broken, then upgraded in-place to v0.10.1. After upgrading (previously I had been running Can you try clearing out node_modules, re-running |
This issue can be fixed by not using Turning userVerification back on does not fix the error. I am using
iOS Version: 14.0.1 (iPhone XR) |
For face/touch ID to show up in the dialog, the webauthn create/get methods need to be called in a handler that is user initiated, e.g. in a click handler. If you call these methods automatically (on load) it will only show the security key option. |
Thanks for the info, that’s good to know. I call them inside a vue |
This assumption was wrong. I have set |
Using TouchID on iPad 6 (2018) or FaceID on iPhone xR both result in the error |
Another reason why FaceID was not showing up in the list was because Apple does not support async event handlers completely. |
After hours of debugging @MasterKale and I figured out that the root cause of the issue is using the So to sum things upIssue 1 (Error: Cannot get schema for 'Certificate' target)This is a dependency issue when using the
Issue 2 (FaceID / TouchID not showing up in list)
Maybe it is worth adding those hints to the docs? @MasterKale |
I don't use Yarn myself so this was certainly an interesting error to debug. Regarding the
So maybe this becomes a documentation update? I'm still investigating. As for the Safari issues, that knowledge can probably be captured in the docs site as you suggested @P4sca1. I'll start drafting something. |
Issue 1 should be fixed with the new server@0.10.2 I just published. I went ahead and updated the ASN.1 parsing libraries so everything is using the same version, sub-dependencies included. No one should have to add Issue 2 will be addressed with an eventual docs update to the homepage. |
The Safari-specific gotchas captured in @P4sca1's Issue 2 have been captured here: https://simplewebauthn.dev/docs/advanced/safari-browser |
Thanks! Great new docs by the way :) |
Unfortunately, this happened again. I'm getting the issue 1 error again, but I was able to solve it by adding a resolution and force it to install |
@Ponjimon (and maybe @P4sca1 too) I just published @simplewebauthn/server@v0.10.4 that un-pins its dependencies including the
Can you try out your projects with this latest release and see if this more completely resolves Issue 1 without needing to resort to |
I'm assuming no news is good news so I'm closing this issue. |
Sorry, didn’t had time to test this. I will open a new issue if the issue occurs again. Thanks for your effort! |
There is an error thrown in
verifyAssertionOptions
when using apple FaceID to solve the attestation request.Attestation options:
Attestation response (SimpleWebAuthn Debugger link)
Error:
Also I noticed that you need to start the attestation 2 times to be able to use FaceID. In the first attempt, Safari only asks for a security key. Only when you cancel and restart the attestation, you can select from security key and FaceID.
I don`t know whether this is an issue with the attestation options or with Safari.
The text was updated successfully, but these errors were encountered: