
generate_user_handle() produces a value that will exceed the 64-byte length limit after serialization by options_to_json. #199

Closed

ninochang opened this issue Jan 16, 2024 · 4 comments

ninochang commented Jan 16, 2024

According to the spec, user_id should not exceed 64 bytes.

Reproduce

I use version 2.0.0

```python
import webauthn

options = webauthn.generate_registration_options(
    rp_id='localhost',
    rp_name='localhost',
    user_name='user_name',
)

print(webauthn.helpers.options_to_json(options))
```

The result will be:

```json
{"rp": {"name": "localhost", "id": "localhost"}, "user": {"id": "o30OjWUT0hV3jArDj_8u4uh6wzHJJ75K0DnUtXtot2OoJROZ_svHiHZZGml7rW-vW2CfVYxVpdn5kBOuX1hY2Q", "name": "user_name", "displayName": "user_name"},
"challenge": "Zz5R-TQh6OghngQkbCLR_15dSl-wxUYrgtm37CRFTnGPOun7S21qcgmNmEGdxo0638Y3U4TOJOaGo2VI_IkPWA", "pubKeyCredParams": [{"type": "public-key", "alg": -7}, {"type": "public-key", "alg": -8}, {"type":
"public-key", "alg": -36}, {"type": "public-key", "alg": -37}, {"type": "public-key", "alg": -38}, {"type": "public-key", "alg": -39}, {"type": "public-key", "alg": -257}, {"type": "public-key", "alg":
-258}, {"type": "public-key", "alg": -259}], "timeout": 60000, "excludeCredentials": [], "attestation": "none"}
```

The value of user.id is `o30OjWUT0hV3jArDj_8u4uh6wzHJJ75K0DnUtXtot2OoJROZ_svHiHZZGml7rW-vW2CfVYxVpdn5kBOuX1hY2Q` and it's over 64 bytes.

Expected result

The value of user.id should be within 64 bytes and I should be able to pass the result to the client.

MasterKale (Collaborator) commented Jan 16, 2024

The use of base64url here is just to make it easy to get those bytes from the front end to the back end. You'll need to base64url-decode user.id into a Uint8Array to correctly call WebAuthn as per the spec. Once you've decoded the string on the front end you'll end up with 64 bytes as expected.

ninochang (Author):

ok, thanks for the explanation

rimu commented Mar 6, 2024

I had the same problem. My solution is to write my own generate_user_handle() that returns 45 bytes instead.

```python
import secrets


def generate_user_handle() -> bytes:
    # 45 random bytes instead of the library's 64
    return secrets.token_bytes(45)
```

Then use that when calling generate_registration_options(), like this:

```python
options = generate_registration_options(user_id=generate_user_handle(), ...)
```

MasterKale (Collaborator) commented Mar 6, 2024

@rimu Your issue is related to the fact that @simplewebauthn/browser is treating the base64url-encoded user.id in the JSON registration options here from py_webauthn as a UTF-8 string. Once I tackle MasterKale/SimpleWebAuthn#530 over in SimpleWebAuthn you'll stop having this issue because startRegistration() will handle user.id as a base64url string.
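An added illustration of the two points made in this thread (this is example code written for this page, not code from py_webauthn, SimpleWebAuthn or either commenter): the 64-byte spec limit applies to the decoded user handle, and a 64-byte handle always becomes an 86-character base64url string in the JSON, while the 45-byte workaround encodes to exactly 60 characters, which is why it stays under 64 even when a client mistakenly treats the string itself as the handle. The `check_user_handle` helper and its return shape are this example's own assumptions; `ISSUE_USER_ID` is the user.id string quoted in the issue report above.

```python
import base64
import math
import secrets

# WebAuthn spec limit for user.id (the user handle): 1 to 64 bytes, decoded.
USER_HANDLE_MAX_BYTES = 64

# The user.id string from the issue report above: 86 base64url characters.
ISSUE_USER_ID = (
    "o30OjWUT0hV3jArDj_8u4uh6wzHJJ75K0DnUtXtot2OoJROZ_svHiHZZGml7rW-vW2CfVYxVpdn5kBOuX1hY2Q"
)


def encode_user_handle(raw: bytes) -> str:
    """base64url without '=' padding, the form options_to_json emits."""
    return base64.urlsafe_b64encode(raw).decode("ascii").rstrip("=")


def decode_user_handle(encoded: str) -> bytes:
    """Reverse of encode_user_handle: restore padding, map the url-safe
    alphabet back, and decode strictly so junk input raises ValueError."""
    padded = encoded + "=" * (-len(encoded) % 4)
    standard = padded.translate(str.maketrans("-_", "+/"))
    return base64.b64decode(standard, validate=True)


def encoded_length_for(n_bytes: int) -> int:
    """Characters needed to carry n_bytes as unpadded base64url: ceil(4n/3)."""
    return math.ceil(4 * n_bytes / 3)


def check_user_handle(encoded: str) -> tuple:
    """Hypothetical server-side check: apply the spec limit to the decoded
    bytes, not to the transport string. Returns (ok, decoded_byte_count)."""
    try:
        raw = decode_user_handle(encoded)
    except ValueError:
        return False, 0
    return 1 <= len(raw) <= USER_HANDLE_MAX_BYTES, len(raw)


def demo() -> dict:
    """Constructed handles: the library's 64 random bytes vs. the 45-byte workaround."""
    handle64 = secrets.token_bytes(64)
    handle45 = secrets.token_bytes(45)
    return {
        "len64_encoded": len(encode_user_handle(handle64)),  # 86 characters
        "len45_encoded": len(encode_user_handle(handle45)),  # 60 characters
        "roundtrip_ok": decode_user_handle(encode_user_handle(handle64)) == handle64,
    }
```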
