webauthn-local-client icon indicating copy to clipboard operation
webauthn-local-client copied to clipboard

Published 20 hours ago verified publisher icon mylofi

auth verification seems to fail in firefox

Open getify opened this issue 1 year ago • 4 comments

DOMException: Data provided to an operation does not meet requirements

algo -257, so using subtleCrypto instead of sodium

getify avatar Aug 13 '24 22:08 getify

Investigated. Unfortunately, I don't think this is a bug with WALC, but with FF (and seems to affect at least windows and linux, perhaps also mac?).

Seems that the public-key (SPKI format) being returned from AuthenticatorAttestationResponse.getPublicKey() (algo COSE of -257) is not compatible with the crypto.subtle.importKey() for SPKI format and RSASSA-PKCS1-v1_5 algorithm.

See filed bug with FF for tracking/updates.

getify avatar Aug 30 '24 17:08 getify

Update: looks like the FF folks verified that they do in fact have a bug, and they're fixing it.

getify avatar Aug 31 '24 05:08 getify

Update: FF has landed a patch fixing this bug. Just waiting on a stable FF release with that update in it.

getify avatar Sep 09 '24 14:09 getify

At the time of this comment, FF 130 is stable.

Update: FF 132 is expected to have this fix in it, which my rough estimate puts at 6-12 weeks from now.

getify avatar Sep 26 '24 00:09 getify

Expected: Oct 29

https://developer.mozilla.org/en-US/docs/Mozilla/Firefox/Releases/132

getify avatar Oct 15 '24 14:10 getify

My FF (windows) has updated to version 132, and the bug's test case now passes, as well all test suite cases for this library. Closing now.

getify avatar Nov 04 '24 07:11 getify