Error registering a security key when requesting resident key #104

Open
MxBlu opened this issue Aug 15, 2022 · 1 comment

Comments


MxBlu commented Aug 15, 2022

Hi there,

I was interested in using the standard to implement both passwordless login as well as usernameless login, so I created a demo for it which allowed both forms: https://github.com/MxBlu/fido-poc

Unfortunately I've found that when requiring a resident key, the response cannot be parsed by the server using attestationResult():

Error: couldn't parse authenticator.authData.attestationData CBOR: Error: Data read, but end of buffer not reached
    at PublicKey.fromCose (\x\fido-poc\backend\node_modules\fido2-lib\dist\main.cjs:1010:10)
    at parseAuthenticatorData (\x\fido-poc\backend\node_modules\fido2-lib\dist\main.cjs:2898:19)
    at parseAuthnrAttestationResponse (\x\fido-poc\backend\node_modules\fido2-lib\dist\main.cjs:2845:12)
    at Fido2AttestationResult.parse (\x\fido-poc\backend\node_modules\fido2-lib\dist\main.cjs:3035:27)
    at async Fido2AttestationResult.create (\x\fido-poc\backend\node_modules\fido2-lib\dist\main.cjs:3004:3)
    at async Function.create (\x\fido-poc\backend\node_modules\fido2-lib\dist\main.cjs:3050:10)
    at async Fido2Lib.attestationResult (\x\fido-poc\backend\node_modules\fido2-lib\dist\main.cjs:5465:10)

I can debug JS code, but decoding the CBOR response is out of my expertise sadly. Any insight would be much appreciated!

The issue can be reproduced with my demo by setting FIDO2_REQUIRE_RESIDENT_KEY = true in backend/src/constants.ts.

Options object passed to navigator.credentials.create():

{
  "publicKey": {
    "rp": {
      "name": "MxBlue Server",
      "id": "fido.mxblue.net.au"
    },
    "user": {
      "id": {},
      "displayName": "mxblue",
      "name": "mxblue-150822-3"
    },
    "challenge": {},
    "pubKeyCredParams": [
      {
        "type": "public-key",
        "alg": -7
      },
      {
        "type": "public-key",
        "alg": -257
      }
    ],
    "timeout": 120000,
    "attestation": "none",
    "authenticatorSelection": {
      "requireResidentKey": true
    }
  }
}

Environment details:

  • Browser: Version 104.0.5112.81 (Official Build) (64-bit)
  • OS: Windows 11 Insider Build 25179.1000
  • Security key: Yubikey 5
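The "end of buffer not reached" error is what a decoder reports when bytes remain after the COSE public key. In the WebAuthn authenticator data layout a CBOR extensions map may follow the key when the ED flag is set, so a parser has to find where the key ends instead of assuming it fills the buffer. The sketch below is an added example, not code from this thread or from fido2-lib; `cborItemEnd`, `parseAuthData` and the sample bytes are constructed for illustration, and that extension data is what trips the parser in this report is an assumption.

```javascript
// Added example, not fido2-lib code. Returns the offset just past the definite-length CBOR item at `pos`.
function cborItemEnd(buf, pos) {
  if (pos >= buf.length) throw new Error("truncated CBOR");
  const major = buf[pos] >> 5, info = buf[pos] & 0x1f;
  if (info > 27) throw new Error("indefinite or reserved CBOR length");
  let arg = info < 24 ? info : 0;
  pos += 1;
  if (info >= 24) {                       // argument is in the next 1/2/4/8 bytes
    const n = 1 << (info - 24);
    for (let i = 0; i < n; i++) arg = arg * 256 + buf[pos + i];
    pos += n;
  }
  let end = pos;                          // ints, simple values and floats end here
  if (major === 2 || major === 3) end = pos + arg;        // byte or text string
  else if (major === 6) end = cborItemEnd(buf, pos);      // tag, then tagged item
  else if (major === 4 || major === 5) {                  // array or map
    const children = major === 4 ? arg : 2 * arg;
    for (let i = 0; i < children; i++) end = cborItemEnd(buf, end);
  }
  if (!(end <= buf.length)) throw new Error("truncated CBOR");
  return end;
}

// Layout: rpIdHash(32) flags(1) signCount(4) [aaguid(16) idLen(2) credId coseKey] [extensions]
function parseAuthData(authData) {
  if (authData.length < 37) throw new Error("authData too short");
  const flags = authData[32];
  const out = { flags, coseKey: null, extensions: null };
  let pos = 37;
  if (flags & 0x40) {                     // AT flag: attested credential data present
    pos += 18 + ((authData[pos + 16] << 8) | authData[pos + 17]);
    const keyEnd = cborItemEnd(authData, pos);   // end of the key, not end of the buffer
    out.coseKey = authData.subarray(pos, keyEnd);
    pos = keyEnd;
  }
  if (flags & 0x80) {                     // ED flag: a CBOR extensions map follows
    const extEnd = cborItemEnd(authData, pos);
    out.extensions = authData.subarray(pos, extEnd);
    pos = extEnd;
  }
  if (pos !== authData.length) throw new Error("unexpected trailing bytes");
  return out;
}

// Constructed sample: EC2 P-256 COSE key followed by the map {"credProtect": 2}.
const rep = (n, v) => new Array(n).fill(v);
const sampleKey = [0xa5, 1, 2, 3, 0x26, 0x20, 1, 0x21, 0x58, 32, ...rep(32, 0x11), 0x22, 0x58, 32, ...rep(32, 0x22)];
const sampleExt = [0xa1, 0x6b, ...Array.from("credProtect", (c) => c.charCodeAt(0)), 2];
const sampleAuthData = Uint8Array.from([...rep(32, 0), 0xc5, 0, 0, 0, 1, ...rep(16, 0), 0, 4, 1, 2, 3, 4, ...sampleKey, ...sampleExt]);
console.log(parseAuthData(sampleAuthData));
```

Clearing the ED bit on the same bytes makes `parseAuthData` reject the input with "unexpected trailing bytes", the strict behaviour a relying party wants for data the flags do not account for.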
Member

Hexagon commented Sep 1, 2022

@MxBlu Does the fix in PR #105 released in [email protected] change the outcome of this problem?
