Question about addition of credential.getClientExtensionResults() on registration object #15

Closed
mattmazzola opened this issue Jan 2, 2023 · 2 comments

@mattmazzola
Contributor

Related to #14, as I was looking at the available data and which pieces of information I could use as user id, I came across:
PublicKeyCredential/getClientExtensionResults

I wondered if it could be used here to supply "extra" data to the returned object. I'm not very familiar with these APIs so perhaps it is not useful, but I thought it was worth asking. Can close if it's not applicable.

webauthn/src/client.ts

Lines 110 to 119 in f6e63f0

```ts
let registration :RegistrationEncoded = {
    username: username,
    credential: {
        id: credential.id,
        publicKey: utils.toBase64url(response.getPublicKey()),
        algorithm: getAlgoName(credential.response.getPublicKeyAlgorithm())
    },
    authenticatorData: utils.toBase64url(response.getAuthenticatorData()),
    clientData: utils.toBase64url(response.clientDataJSON),
}
```

@dagnelies
Collaborator

Hi.

I feel like there are some things mixed up in the question, or I perhaps misinterpreted it.

  1. First, a user might have multiple credentials. Basically, one per device.
  2. I think it is better to let the user freely choose a username and use it as id directly, then associate all credentials of the user with that account. The webauthn protocol itself will not provide you a user "id", how could it? It will only provide an "id" of the key pair it generated.
  3. Currently, protocol extensions are not supported in this library but I would be wary of their proper support across all browsers/platforms/devices.
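
The account model described in points 1 and 2 above, as an added example that is not part of the original thread or the library's own code: one freely chosen username owns several credentials, and lookups at authentication time go through the credential id. The `CredentialStore` class, its method names and the sample values are hypothetical, and each registration is assumed to have been verified server-side before it is stored.

```javascript
// Added example (hypothetical names): in-memory store, one username -> many credentials.
// Assumes every registration passed server-side verification before addRegistration().
class CredentialStore {
  constructor() {
    this.byUsername = new Map(); // username -> Map(credentialId -> credential)
    this.ownerOf = new Map();    // credentialId -> username
  }

  // Attach one more credential (typically one per device) to the chosen username.
  addRegistration(registration) {
    const { username, credential } = registration || {};
    if (!username || !credential || !credential.id || !credential.publicKey) {
      throw new Error('malformed registration');
    }
    // A credential id names exactly one key pair, so it is never rebound.
    const owner = this.ownerOf.get(credential.id);
    if (owner !== undefined) {
      throw new Error(owner === username ? 'credential already registered'
                                         : 'credential belongs to another account');
    }
    if (!this.byUsername.has(username)) this.byUsername.set(username, new Map());
    this.byUsername.get(username).set(credential.id, { ...credential });
    this.ownerOf.set(credential.id, username);
  }

  // The protocol hands back a credential id, not a user id: resolve the account from it.
  findByCredentialId(credentialId) {
    const username = this.ownerOf.get(credentialId);
    if (username === undefined) return null;
    return { username, credential: this.byUsername.get(username).get(credentialId) };
  }

  credentialIdsFor(username) {
    const creds = this.byUsername.get(username);
    return creds ? [...creds.keys()] : [];
  }
}

// Constructed sample registrations in the shape shown in the issue (all values made up).
function demo() {
  const store = new CredentialStore();
  const reg = (username, id) =>
    ({ username, credential: { id, publicKey: 'constructed-key-' + id, algorithm: 'ES256' } });
  store.addRegistration(reg('alice', 'cred-laptop'));
  store.addRegistration(reg('alice', 'cred-phone'));
  store.addRegistration(reg('bob', 'cred-tablet'));
  let rejected = false;
  try { store.addRegistration(reg('bob', 'cred-phone')); } catch (e) { rejected = true; }
  return { store, rejected };
}
```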

@mattmazzola
Contributor Author

> The webauthn protocol itself will not provide you a user "id", how could it?

Yes, I didn't expect webauthn to be providing it, but in #14 I saw the library is defining an ID and I had proposed exposing it and this caused me to think about what other data could be on the returned registration object.

> protocol extensions are not supported in this library but I would be wary of their proper support across all browsers/platforms/devices

Ok, yes, having wide support seems like a good concern for something like authentication. I will close then.
