"AttestationObject invalid CBOR" with integrated iOS Passkeys Attestation function #357
Comments
While I haven't tried it myself, I don't see any reason why it wouldn't work as is right now. I'm curious what you mean by |
Of course, here is an example of my credential options that I get from the server with the challenge, and the payload I sent to the server with the AttestationObject from the passkey verification. CredentialOption:
Payload (like the object in the api):
And that's the error message that I receive:
|
I know, but why does the Apple function ASAuthorizationPlatformPublicKeyCredentialRegistration send me this invalid credential in the app as a rawAttestationObject (this object contains only bytes) that I convert to a base64 string? I followed the guidelines from here: https://developer.apple.com/documentation/authenticationservices/public-private_key_authentication/supporting_passkeys |
I've posted the question on the Apple developer forum now, let's see if there are some ideas why it's not working and the CBOR object is malformed |
So I decoded the object myself now; maybe it helps to find out why it does not work. The decoded attestationObject: decoded authData: Is that the public key?
The rest of the authData Object: |
By padding out the end with zeroes until the decoder is happy I can see we have format none, no attestation statement, then this for the authData:
Further tearing that apart, the first 32 bytes are the rpId hash:
That much looks reasonable, then everything goes sideways, because flags is zero and that doesn't make sense because there is more stuff at the end. I can't spot anything in there that resembles a passable credential public key. |
mmmmh that's not good 😅 What can I do so that we can find a solution to this problem? |
@aseigler I got a response on the Apple developer forum, can you please take a look? He is saying that when we disable the "URL Decode" and "To Hex" steps in the CyberChef test, the attestation object returns correctly. Result from CyberChef:
It looks the same as what I decoded above. |
Looking at it again now the problem is obvious: all of the various fields that are required by spec to be base64 URL encoded are all standard base64 encoded instead. No clue why I didn't see that before. |
@aseigler I will try to figure out a way to discover this and help users figure it out. This is such a source of confusion and so easy to get wrong. |
@abergs have you already found a way to get it working in my iOS project? |
@androidseb25 Actually @aseigler already found your problem, the data is base64 encoded when it should be base64url encoded. My comment was rather a way for us to discover this on the server and return a better error message. |
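The server-side check discussed above, sketched as an added example (it is not code from this thread or from the library, and it is written in Python for illustration): it rejects standard base64 in fields that must be unpadded base64url and names the field, rather than failing later in CBOR parsing. The function names are hypothetical, the field names `rawId`, `response.attestationObject` and `response.clientDataJSON` are assumed from the WebAuthn registration JSON because the payload is not shown on this page, and the sample bytes are constructed.

```python
import base64
import re

B64URL = re.compile(r"[A-Za-z0-9_-]*")        # unpadded base64url alphabet
B64STD = re.compile(r"[A-Za-z0-9+/]*={0,2}")  # standard alphabet, optional padding

# Constructed sample bytes (not a real attestation object); the leading
# 0xfb 0xef 0xff encodes to "++//" in standard base64 and "--__" in base64url.
SAMPLE_RAW = bytes([0xFB, 0xEF, 0xFF]) + b"constructed"

def classify(value):
    """Return 'base64url', 'standard-base64' or 'invalid' for one encoded field."""
    if B64URL.fullmatch(value) and len(value) % 4 != 1:
        return "base64url"  # purely alphanumeric input decodes the same either way
    if B64STD.fullmatch(value) and len(value) % 4 == 0:
        return "standard-base64"
    return "invalid"

def decode_base64url_strict(field, value):
    """Decode unpadded base64url, naming the field and the likely cause on failure."""
    kind = classify(value)
    if kind == "standard-base64":
        raise ValueError(f"{field}: standard base64 ('+', '/' or '=' found), "
                         "expected unpadded base64url")
    if kind == "invalid":
        raise ValueError(f"{field}: not valid base64url")
    return base64.urlsafe_b64decode(value + "=" * (-len(value) % 4))

def standard_to_base64url(value):
    """Client-side fix: re-encode a standard base64 string as unpadded base64url."""
    return value.replace("+", "-").replace("/", "_").rstrip("=")

def check_registration(payload):
    """Return one message per mis-encoded field, before any CBOR parsing is attempted."""
    response = payload.get("response", {})
    fields = {
        "rawId": payload.get("rawId", ""),  # field names assumed from WebAuthn JSON
        "attestationObject": response.get("attestationObject", ""),
        "clientDataJSON": response.get("clientDataJSON", ""),
    }
    errors = []
    for name, value in fields.items():
        try:
            decode_base64url_strict(name, value)
        except ValueError as exc:
            errors.append(str(exc))
    return errors
```

A string that contains none of `+`, `/`, `-`, `_` or `=` is identical in both encodings, so the check only fires when the two alphabets actually differ.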
Thank you for this thread. I ran into the exact same invalid CBOR problem when integrating iOS, and indeed switching from base64 to base64urlencoded resolved the issue! |
Hi, I'm trying to use the lib with the integrated passkey function from Apple on iOS.
Every time I try to complete the registration I get a CBOR error from the lib with the following response: "AttestationObject invalid CBOR (Declared definite length of CBOR data item exceeds available buffer size.)"
When I try this in the browser it works.
Is there a solution for this or does this library not work with the iOS passkeys?