Comments (2)
Hi @MasterKale! Thanks for your answer, I know you don't support interaction with other frameworks, but the browser library is really easy to implement. 😄 I really like it!
However, I see that the server package isn't validating the userHandle during an authentication request and therefore this change is indeed not breaking existing implementations in a definite way when using the browser and server combination. An extra decoding step (when needed for the given credential) in the backend seems to be to most logical the solution or I should an implementation for the frontend myself (or find another one elsewhere). For now, I just stick with v9. 😉 Thanks again!
from simplewebauthn.
Hello @joostdebruijn, for the record I only officially support issues with combined use of @simplewebauthn/browser and @simplewebauthn/server - the fact that browser can work with others server libraries is a happy coincidence.
That said, can you solve this with an additional base64url encode of userID, and adding an initial base64url decoding of userHandle after auth? These operations could happen on the back end.
Alternatively, this could be handled on the front end, before calling startRegistration() and startAuthentication(), so that your server receives bytes in the expected order. But I'd say you have less flexibility to do this in the front end because of fewer built-in library tools to handle this.
from simplewebauthn.
Related Issues (20)
- cross-platform authenticator usage on android 14 HOT 1
- Default `userDisplayName` to empty string when not specified HOT 1
- Handle undefined `PublicKeyCredential` in `browserSupportsWebAuthnAutofill` helper HOT 1
- Discrepancy between example code and docs HOT 4
- get public key as string
- Make rpID required when generating authentication options HOT 1
- Clean up some docstrings in @simplewebauthn/server
- Rename `AuthenticatorDevice` type and usage
- Parsing the attestation data explicitly HOT 3
- RequireUserVerification Is Not Documented HOT 2
- Investigate impact of Deno moving its std library to JSR HOT 2
- Sign-in button capabilities like in Googles Demo HOT 1
- Upgraded to 10 from 9 and iphone no longer to connect with chrome HOT 10
- StartAutentication throwing 'Cannot read properties of undefined (reading 'replace') at base64URLStringToBuffer' HOT 2
- Error: No data when runnning verifyAuthenticationResponse HOT 3
- Add support for WebAuthn's conditional create HOT 1
- Wrong authenticatorAttachment after browser->startRegistration() with YubiKey HOT 1
- Error: No date at Object.decodePartialCBOR (C:\Users\siste\Desktop\web-authentication-main\node_modules\@levischuck\tiny-cbor\script\cbor\cbor.js:355:15) HOT 3
- Registering Passkey on MacOS - ICloud results in two passkeys being created HOT 1
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from simplewebauthn.