SimpleWebAuthn icon indicating copy to clipboard operation
SimpleWebAuthn copied to clipboard
verified publisher icon MasterKale

Add cross-origin flag verification

Open MasterKale opened this issue 1 year ago • 1 comments

Describe the issue

WebAuthn L3 is being updated with explicit verification steps for the clientDataJSON.crossOrigin flag:

https://github.com/w3c/webauthn/pull/2166

I should update both verifyRegistrationResponse() and verifyAuthenticationResponse() to support verifying this flag accordingly for RP's that might care to know:

https://github.com/MasterKale/SimpleWebAuthn/blob/dc70416e781c9ab11625ba9afbf092809391874e/packages/server/src/helpers/decodeClientDataJSON.ts#L18

MasterKale avatar Oct 02 '24 19:10 MasterKale

Reopening this to take another stab. I reverted the initial attempt for now:

https://github.com/MasterKale/SimpleWebAuthn/pull/626

MasterKale avatar Oct 12 '24 05:10 MasterKale