-
-
Notifications
You must be signed in to change notification settings - Fork 51
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Problem when registering new users on Windows #214
Comments
Hi @lea-ger, I am sorry but I cannot reporduce the issue on my computer (Windows 11)
Both are JSON objects |
Hello @Spomky,
In this case, it resulted in this response:
|
Many thanks. The structure looks good, but the attested credential data returned by the authenticator has an invalid public key ID length (43793 bits is way too long) The authenticator data (in hex, spaces added) is
What is your authenticator manufacturer (computer brand/TPM chip)? Could you please test with a roaming authenticator (USB/BLE interface) and Windows Hello? |
The computer itself is a HP notebook and the TPM chip was manufactured by AMD. Using a roaming authenticator (in this case I used a Yubico Security Key NFC) doesn't seem to work for me either. Here is the authenticator response:
|
Hi, Many thanks for the details. I extracted the attestation object and I am still facing the same issue. So for me the issue comes from the client (web browser). I found that issue on Bugzilla: https://bugzilla.mozilla.org/show_bug.cgi?id=1554397 Can you tell me if you are using Firefox? If yes, can you test with another browser and confirm if it fails or not? Many thanks. |
Hi, yes, I am using Firefox and indeed that seems to be the issue. I was able to successfully register using MS Edge. Thanks a lot for your help and your patience! |
This thread has been automatically locked since there has not been any recent activity after it was closed. Please open a new issue for related bugs. |
Hi,
I am trying to use this package and always run into an issue when trying to register new users. This issue seems to only appear when using Windows Hello, as I've tested this on a colleague's MacBook and it worked there seamlessly. I first thought that this was an issue with my configuration but it appears that the same issue can be found on the demo page (see screenshot below).
The issue seems to be the attestationObject's credential length which is used in AttestationObjectLoader::109, the byte length read from the StringStream is way too large. I'm not too well versed on the inner workings of the package or the details of the inner workings of WebAuthn authentication, so I'm afraid this is all I can provide as help to find the reason for this issue. But it might be related to this issue.
Here is an extract of a stacktrace I'm getting:
[2022-04-01 18:12:37] local.ERROR: Out of range. Expected: 35079, read: 289. {"userId":1,"exception":"[object] (Assert\InvalidArgumentException(code: 37): Out of range. Expected: 35079, read: 289. at C:\Users\Leander\PhpstormProjects\brezel\api\vendor\beberlei\assert\lib\Assert\Assertion.php:2728)
[stacktrace]
#0 C:\Users\Leander\PhpstormProjects\brezel\api\vendor\beberlei\assert\lib\Assert\Assertion.php(840): Assert\Assertion::createException('\xCCS\x84@3\x11P\x19\x7F\xE4\xB3\x90\x8FY\x90...', 'Out of range. E...', 37, NULL, Array)
#1 C:\Users\Leander\PhpstormProjects\brezel\api\vendor\web-auth\webauthn-lib\src\StringStream.php(58): Assert\Assertion::length('\xCCS\x84@3\x11P\x19\x7F\xE4\xB3\x90\x8FY\x90...', 35079, 'Out of range. E...', NULL, '8bit')
#2 C:\Users\Leander\PhpstormProjects\brezel\api\vendor\web-auth\webauthn-lib\src\AttestationStatement\AttestationObjectLoader.php(109): Webauthn\StringStream->read(35079)
#3 C:\Users\Leander\PhpstormProjects\brezel\api\vendor\web-auth\webauthn-lib\src\PublicKeyCredentialLoader.php(139): Webauthn\AttestationStatement\AttestationObjectLoader->load('o2NmbXRkbm9uZWd...')
#4 C:\Users\Leander\PhpstormProjects\brezel\api\vendor\web-auth\webauthn-lib\src\PublicKeyCredentialLoader.php(100): Webauthn\PublicKeyCredentialLoader->createResponse(Array)
#5 C:\Users\Leander\PhpstormProjects\brezel\api\vendor\web-auth\webauthn-lib\src\PublicKeyCredentialLoader.php(120): Webauthn\PublicKeyCredentialLoader->loadArray(Array)
#6 C:\Users\Leander\PhpstormProjects\brezel\api\vendor\web-auth\webauthn-lib\src\Server.php(256): Webauthn\PublicKeyCredentialLoader->load('{"id":"xYZ74Bvm...')
#7 C:\Users\Leander\PhpstormProjects\brezel\api\app\Http\Controllers\GeneralController.php(424): Webauthn\Server->loadAndCheckAttestationResponse('{"id":"xYZ74Bvm...', Object(Webauthn\PublicKeyCredentialCreationOptions), Object(Nyholm\Psr7\ServerRequest))
#8 C:\Users\Leander\PhpstormProjects\brezel\api\vendor\laravel\framework\src\Illuminate\Routing\Controller.php(54): App\Http\Controllers\GeneralController->registerWebauthnResponse(Object(Illuminate\Http\Request), Object(App\System\System))
#9 C:\Users\Leander\PhpstormProjects\brezel\api\vendor\laravel\framework\src\Illuminate\Routing\ControllerDispatcher.php(45): Illuminate\Routing\Controller->callAction('registerWebauth...', Array)
To Reproduce
Go to https://webauthn.spomky-labs.com/register and try to register using Windows Hello.
Desktop (please complete the following information):
The text was updated successfully, but these errors were encountered: