Hello all! The spec indicates that during registration RPs should store the public key and credential ID. Later it says that during authentication the RP should verify that the authenticator produced a valid signature using the public key.
It seems to me like the RP should also store the signature algorithm (credentialPublicKey.alg) during registration in order to know how to properly verify assertion signatures for a given credential, since the algorithm is not provided in the PublicKeyCredential object received during authentication.
Does that seem correct?
... register the new credential with the account that was denoted in the options.user passed to create(), by associating it with the credentialId and credentialPublicKey ...
Thanks for the fast clarification @emlun and @equalsJeffH! You both are correct; I was not thinking about the 'credentialPublicKey' as an object. Closing.
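The point resolved in this thread, as an added example that is not part of the original issue or the spec text: because the stored credentialPublicKey is a COSE_Key object, the RP can read the signature algorithm from its `alg` parameter (label 3) at authentication time. It assumes the RP stored the raw COSE_Key bytes; the function names are hypothetical and the sample key is constructed.

```python
# Added example: read "alg" from a stored COSE_Key (integers, byte strings, one map only).
ALG = 3  # COSE_Key common parameter label for "alg"
COSE_ALG_NAMES = {-7: "ES256", -8: "EdDSA", -257: "RS256"}  # IANA COSE algorithm ids

def _head(buf, pos):
    """Decode one CBOR item head: (major type, argument, next offset)."""
    if pos >= len(buf):
        raise ValueError("truncated CBOR")
    major, info = buf[pos] >> 5, buf[pos] & 0x1F
    if info < 24:
        return major, info, pos + 1
    end = pos + 1 + (1 << (info - 24))
    if info > 27 or end > len(buf):
        raise ValueError("bad length encoding or truncated CBOR")
    return major, int.from_bytes(buf[pos + 1:end], "big"), end

def _item(buf, pos):
    """Decode an integer or byte string; anything else is rejected."""
    major, arg, pos = _head(buf, pos)
    if major in (0, 1):
        return (arg if major == 0 else -1 - arg), pos
    if major == 2 and pos + arg <= len(buf):
        return bytes(buf[pos:pos + arg]), pos + arg
    raise ValueError("unsupported or truncated CBOR item")

def parse_cose_key(buf):
    major, count, pos = _head(buf, 0)
    if major != 5:
        raise ValueError("COSE_Key must be a CBOR map")
    key = {}
    for _ in range(count):
        label, pos = _item(buf, pos)
        value, pos = _item(buf, pos)
        if label in key:
            raise ValueError("duplicate label")
        key[label] = value
    if pos != len(buf):
        raise ValueError("trailing bytes after COSE_Key")
    return key

def assertion_algorithm(stored_key):
    """Pick the verification algorithm from the key stored at registration."""
    alg = parse_cose_key(stored_key).get(ALG)
    if alg not in COSE_ALG_NAMES:
        raise ValueError(f"missing or unsupported alg: {alg!r}")
    return alg, COSE_ALG_NAMES[alg]

# Constructed sample: EC2 key (kty 2), alg -7, crv 1, dummy x/y coordinates.
SAMPLE_ES256 = bytes.fromhex("a5010203262001215820" + "11" * 32 + "225820" + "22" * 32)
```

Rejecting a key whose `alg` is missing or not on the RP's allow-list keeps the verifier from guessing an algorithm for a credential.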