Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Expose AuthenticatorResponse methods? #25

Open
lgarron opened this issue Jul 23, 2020 · 5 comments
Open

Expose AuthenticatorResponse methods? #25

lgarron opened this issue Jul 23, 2020 · 5 comments

Comments

@lgarron
Copy link
Contributor

lgarron commented Jul 23, 2020
edited

Chrome 85 is adding:

  • getPublicKey()
  • getPublicKeyAlgorithm()
  • getAuthenticatorData()

There's also getTransports().

https://w3c.github.io/webauthn/#iface-authenticatorattestationresponse

We could:

  • Not expose these.
  • Expose the actual WebAuthn API response object so that the user can call anything they want on it. (We may want to expose our base64url conversion to help with this.)
  • Forward the available methods without modification.
  • Proxy any available methods, converting to baseurl64.
  • Always call these methods, and attach the results (we do this for getClientExtensionResults() already).

The latter is the most convenient, but it results in extra data. The simple use case for @github/webauthn-json is to send the results to the server, which still has to process the response from CBOR. These methods would not really be useful for this case.

However, there are cases where you might want to do some or all processing on the client side, where this could save code.
@lgarron lgarron changed the title Expose new methods? Expose AuthenticatorResponse methods? Jul 23, 2020
@lgarron
Copy link
Contributor Author

lgarron commented Jul 23, 2020

If anyone would like to be able to use these, it would help if you could leave a comment to let us know! Otherwise this might not be a priority.

@epheat
Copy link

epheat commented Aug 5, 2020

I would love to see getTransports() exposed in the attestation response. Perhaps just as a field called "transports".

@emlun
Copy link
Contributor

emlun commented Jun 8, 2021

I agree with adding the transports field to the AuthenticatorAttestationResponse value (perhaps conditionally, if the client provides the method). The WebAuthn spec now recommends all RPs to store the getTransports() result, so I think it makes sense to support that here.

I'm also willing to contribute a PR to make that happen. 🙂 I was about to reference webauthn-json in the java-webauthn-server quickstart instructions - in order to get transports and extensions and all that through, but avoid the base64 (de)coding distractions - but unfortunately that won't quite work without this.

@lgarron
Copy link
Contributor Author

lgarron commented Jun 9, 2021

I agree with adding the transports field to the AuthenticatorAttestationResponse value (perhaps conditionally, if the client provides the method). The WebAuthn spec now recommends all RPs to store the getTransports() result, so I think it makes sense to support that here.

I'm also willing to contribute a PR to make that happen. 🙂 I was about to reference webauthn-json in the java-webauthn-server quickstart instructions - in order to get transports and extensions and all that through, but avoid the base64 (de)coding distractions - but unfortunately that won't quite work without this.

I think a PR to add transports would be great!

@emlun emlun mentioned this issue Jun 9, 2021
Merged
@emlun
Copy link
Contributor

emlun commented Jun 11, 2021

Alright, PR is open: #44 ! 🙂

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
3 participants
@lgarron @emlun @epheat