Parsing the attestation data explicitly #560

Closed
wparad opened this issue Apr 14, 2024 · 3 comments

wparad commented Apr 14, 2024

We would like to easily parse the attestation data, but the library does not expose an explicit method to do this. Right now that means we need to almost fake calling verifyRegistrationResponse again with the right inputs whenever we want this. It would be really great to have the method to parse the attestation data available on the exposed interface.

Owner

MasterKale commented Apr 15, 2024

Check out decodeAttestationObject() and parseAuthenticatorData() exported from @simplewebauthn/server/helpers. Do either of those help you achieve your goals? There are many other helpers exported from there that you might find interesting too:

export {
  convertAAGUIDToString,
  convertCertBufferToPEM,
  convertCOSEtoPKCS,
  cose,
  decodeAttestationObject,
  decodeClientDataJSON,
  decodeCredentialPublicKey,
  generateChallenge,
  generateUserID,
  getCertificateInfo,
  isCertRevoked,
  isoBase64URL,
  isoCBOR,
  isoCrypto,
  isoUint8Array,
  parseAuthenticatorData,
  toHash,
  validateCertificatePath,
  verifySignature,
};

Author

wparad commented Apr 15, 2024

Hmmm, I didn't realize it was a separate export in the package.json. Maybe there is a better way to do this, but this seems a bit annoying:

parseAuthenticatorData(
    decodeAttestationObject(
        new Uint8Array(base64url.toBuffer(attestation))
    ).get('authData'));

And I will also add that depending on the usage, callers of the library might need to explicitly exclude lint issues with:

"node/no-missing-require": ["error", {
    "allowModules": ["@simplewebauthn/server"]
}]

Link to issue with require statements in eslint

I would have expected a single method that takes in the attestation in the same format as verifyRegistrationResponse which is base64url and returns the same object that is the response RegistrationData without needing to stack these methods or know to convert to a Uint8Array.

But I guess this is technically already supported, so we can close it.

@MasterKale
Owner

Thanks for the feedback @wparad. These helpers are used internally by the various option-generation and response-verification methods that represent the core methods of the @simplewebauthn/server package. I make them available via the helpers import for those who are intrepid enough to break out of the core WebAuthn use cases, so a bit of extra work should always be expected when using them.
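
What the `authData` bytes contain once they have been pulled out of the decoded attestation object, as an added example that is not part of this thread and not SimpleWebAuthn's own code: a standalone parser for the fixed authenticator data layout from the WebAuthn specification, with the bounds checks a caller handling untrusted input needs. `parseAuthData`, `toHex` and `buildSample` are hypothetical names, and the sample bytes are constructed.

```javascript
// Authenticator data layout (WebAuthn spec):
//   rpIdHash(32) | flags(1) | signCount(4, big-endian)
//   if AT flag set: aaguid(16) | credIdLen(2, big-endian) | credId | COSE key
function parseAuthData(authData) {
  if (!(authData instanceof Uint8Array) || authData.length < 37) {
    throw new Error('authData must be a Uint8Array of at least 37 bytes');
  }
  const view = new DataView(authData.buffer, authData.byteOffset, authData.byteLength);
  const bits = authData[32];
  const flags = {
    up: !!(bits & 0x01), // user present
    uv: !!(bits & 0x04), // user verified
    be: !!(bits & 0x08), // backup eligible
    bs: !!(bits & 0x10), // backup state
    at: !!(bits & 0x40), // attested credential data included
    ed: !!(bits & 0x80), // extension data included
  };
  const out = { rpIdHash: authData.slice(0, 32), flags, signCount: view.getUint32(33, false) };
  if (flags.at) {
    if (authData.length < 55) throw new Error('truncated attested credential data');
    const end = 55 + view.getUint16(53, false);
    // Reject a credIdLen that points past the end of the buffer.
    if (end > authData.length) throw new Error('credential ID length exceeds authData');
    out.aaguid = toHex(authData.slice(37, 53));
    out.credentialId = authData.slice(55, end);
    // Remaining bytes: CBOR COSE public key, then extensions if ED is set.
    out.rest = authData.slice(end);
  }
  return out;
}

function toHex(bytes) {
  return Array.from(bytes, (b) => b.toString(16).padStart(2, '0')).join('');
}

// Constructed sample bytes, not a real authenticator response.
function buildSample() {
  const credId = Uint8Array.of(0xde, 0xad, 0xbe, 0xef);
  const buf = new Uint8Array(37 + 16 + 2 + credId.length + 1);
  buf.fill(0xaa, 0, 32);   // placeholder rpIdHash
  buf[32] = 0x45;          // flags: UP | UV | AT
  buf[36] = 7;             // signCount = 7
  buf.fill(0x11, 37, 53);  // placeholder AAGUID
  buf[54] = credId.length; // credIdLen = 4
  buf.set(credId, 55);
  buf[59] = 0xa0;          // empty CBOR map standing in for the COSE key
  return buf;
}

console.log(parseAuthData(buildSample()));
```

The parser stops at the credential ID; decoding the COSE public key and any extensions in `rest` still needs a CBOR decoder.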
