Comments (10)
Hey all, I asked around last week and ended up reporting this as a Chromium issue here:
https://issues.chromium.org/issues/346835891
I'm still considering updating SimpleWebAuthn, but I also might just document this as a known issue with Chrome and advise RPs to set displayName
to a non-empty string till Chrome gets fixed.
from simplewebauthn.
I see you're using server@10 but browser@9. I wonder if something during hybrid is falling over because user.id ends up greater than 64 bytes coming out of generateRegistrationOptions()
. browser@9 treats user.id
as a UTF-8 string, it's browser@10 that will correctly base64url-decode user.id
to <= 64 bytes.
Can you provide the output of that call to generateRegistrationOptions()
? I think that'll help troubleshoot things further.
from simplewebauthn.
Blah I’m sorry I copied it from the diff , browser was 10 , I’ll get that output here soon
from simplewebauthn.
updated to show thati was using the 10 V for the browser, let me see if i can get the output
from simplewebauthn.
// Registration Options
{
"challenge": "B6pyIkuOvFU8tor2nDSs6aYyMEdrcws-P4KsVB6m6Ww",
"rp": {
"name": "EXTRACTED",
"id": "EXTRACTED.loca.lt"
},
"user": {
"id": "MHlWTmtiWDAwRnI",
"name": "[email protected]",
"displayName": ""
},
"pubKeyCredParams": [
{
"alg": -8,
"type": "public-key"
},
{
"alg": -7,
"type": "public-key"
},
{
"alg": -257,
"type": "public-key"
}
],
"timeout": 60000,
"attestation": "direct",
"excludeCredentials": [],
"authenticatorSelection": {
"residentKey": "required",
"userVerification": "required",
"requireResidentKey": true
},
"extensions": {
"credProps": true
}
}
from simplewebauthn.
i went to https://webauthn.io/ the i noticed it had displayName
set. so i added it and now it works. May want to mark that as non optional now?
from simplewebauthn.
Whoops, this is a case of me getting out ahead of browsers updating to reflect the latest behavior in the draft of WebAuthn L3 (we changed things to make it okay for displayName to be an empty string https://w3c.github.io/webauthn/#dom-publickeycredentialuserentity-displayname.) I must have caused this when I addressed #536. It seems I'll have to revert that change for now 😞
from simplewebauthn.
Hello @lukepolo, I confirmed the behavior on my end:
Setting a value for userDisplayName
when calling generateRegistrationOptions()
fixed it for me too:
I'll work to get a fix out for this over the weekend, thanks for your patience.
from simplewebauthn.
Hi @lukepolo thanks for Highlighting this. I also currently have this problem. @MasterKale Thanks for your prompt reaction to this ❤️.
from simplewebauthn.
Alright, I got around to updating the docs with temporary troubleshooting info for this issue:
I'll update the guidance once the Chromium bug gets fixed (it'll stick around but at least I can say "this only affects Chrome older than xxx".)
I'm going to close this out for now. Thanks again for your patience.
from simplewebauthn.
Related Issues (20)
- Remove footgun related to random user IDs HOT 16
- Update `getWebCrypto()` for Node 20 HOT 2
- cross-platform authenticator usage on android 14 HOT 1
- Default `userDisplayName` to empty string when not specified HOT 1
- Handle undefined `PublicKeyCredential` in `browserSupportsWebAuthnAutofill` helper HOT 1
- Discrepancy between example code and docs HOT 4
- get public key as string
- Make rpID required when generating authentication options HOT 1
- Clean up some docstrings in @simplewebauthn/server
- Rename `AuthenticatorDevice` type and usage
- Parsing the attestation data explicitly HOT 3
- Changed userHandle behavior v10 breaks definitely with existing registrations HOT 2
- RequireUserVerification Is Not Documented HOT 2
- Investigate impact of Deno moving its std library to JSR HOT 2
- Sign-in button capabilities like in Googles Demo HOT 1
- StartAutentication throwing 'Cannot read properties of undefined (reading 'replace') at base64URLStringToBuffer' HOT 2
- Error: No data when runnning verifyAuthenticationResponse HOT 2
- Add support for WebAuthn's conditional create HOT 1
- Wrong authenticatorAttachment after browser->startRegistration() with YubiKey
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from simplewebauthn.