Callback handling - why base64 encode rawId instead of using id #119
Comments
Great callout, after using this template as inspiration for my own implementation I came back to make this same issue. Hopefully folks in the future will see this and understand that they can simplify the implementation a bit by using
@Brantron have you seen a refreshed implementation on the client side anywhere? I don't use UJS, only Turbo + Stimulus, so I need to refactor all the xhr eventing. I suppose I should just start fresh, using https://github.com/github/webauthn-json/blob/main/src/dev/demo/index.ts as a guide
First, thanks for the implementation! Carefully written, also the test was really helpful!
By the way, when I read the credential callback implementation:
webauthn-rails-demo-app/app/controllers/credentials_controller.rb
Line 27 in d9b73e2
Why do we have to base64 encode the `rawId`? Why not use `webauthn_credential.id` straight away?
As written in spec, `id` is `base64(rawId)` already. By manually doing `base64(rawId)` and saving it to the database, what benefit do we have over saving `id`?
https://www.w3.org/TR/credential-management-1/#dom-credential-id
Besides, in `session_controller` we use the base64 encoded `rawId` to create allow list and send to authenticator.
webauthn-rails-demo-app/app/controllers/sessions_controller.rb
Line 11 in d9b73e2
So overall, saving the `id` returned from authenticator then using that `id` to send back to authenticator makes sense to me.
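An added example, not part of the original issue or the demo app's code: WebAuthn defines `PublicKeyCredential.id` as the base64url encoding of `rawId` without padding, so it is not byte-for-byte the same string as a standard base64 encoding of `rawId`, and a lookup that mixes the two stored forms will miss. The sample bytes are constructed, and `decode_credential_id` and `same_credential?` are hypothetical helper names.

```ruby
require "base64"

# Constructed sample: 16 raw credential-ID bytes, chosen so that the
# standard and URL-safe alphabets produce visibly different strings.
RAW_ID = [0xfb, 0xff, 0xfe, 0x00, 0x01, 0x02, 0x03, 0x04,
          0x05, 0x06, 0x07, 0x08, 0x09, 0x0a, 0x0b, 0x0c].pack("C*")

# The string a browser exposes as PublicKeyCredential.id:
# base64url of rawId with the trailing "=" padding removed.
def credential_id(raw_id)
  Base64.urlsafe_encode64(raw_id, padding: false)
end

# The string a server gets if it re-encodes rawId with standard base64.
def standard_b64(raw_id)
  Base64.strict_encode64(raw_id)
end

# Hypothetical helper: decode either stored form back to the raw bytes.
# Returns nil for anything that is not well-formed base64/base64url.
def decode_credential_id(text)
  return nil unless text.is_a?(String) && text.match?(/\A[A-Za-z0-9+\/_-]+={0,2}\z/)
  normalized = text.tr("-_", "+/").delete("=")
  return nil if normalized.length % 4 == 1          # impossible length
  normalized += "=" * ((4 - normalized.length % 4) % 4)
  Base64.strict_decode64(normalized)
rescue ArgumentError
  nil
end

# Hypothetical helper: compare a stored value with a presented one on the
# decoded bytes, so the encoding used at registration does not matter.
def same_credential?(stored, presented)
  a = decode_credential_id(stored)
  b = decode_credential_id(presented)
  !a.nil? && a == b
end
```

Whichever form is stored, the same form has to be used when building the allow list, or both sides have to be compared after decoding.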