laravel-webauthn icon indicating copy to clipboard operation
laravel-webauthn copied to clipboard

Published 20 hours ago verified publisher icon asbiin

clientDataJSON base64 padding

Open MordiSacks opened this issue 2 years ago • 1 comments

webauthn no longer accepts padding in clientDataJSON this sould be corrected in resources/js/webauthn.js at WebAuthn.prototype._bufferEncode

a quick temp fix on project/resources/views/vendor/webauthn/authenticate.blade.php add

            data.response.clientDataJSON = data.response.clientDataJSON.replace('=', '');

to the webauthn.sign callback

https://github.com/web-auth/webauthn-framework/issues/285

MordiSacks avatar Sep 19 '22 13:09 MordiSacks

@MordiSacks I found your note helpful, thanks. Were you having an issue with the standard package functionality?

I was attempting to manually login users inside a custom controller. I noted the prepared publicKey using PrepareAssertionData::class resulted in the padding issue.

Using your quick fix got me passed the issue, without modifying any package files. I haven't dug in to see if it's a simple fix to PR just yet.

justindantzer avatar Oct 12 '22 00:10 justindantzer

I was getting the following errors:

production.ERROR: decodeNoPadding() doesn't tolerate padding {"userId":"123","exception":"[object] (InvalidArgumentException(code: 0): decodeNoPadding() doesn't tolerate padding at /app/path/vendor/paragonie/constant_time_encoding/src/Base64.php:238)

the temp fix above seems to have sorted it.

willbrowningme avatar Nov 17 '22 10:11 willbrowningme

That temporary fix did not work for me. I had to downgrade web-auth/webauthn-lib to ~4.0.5 to make it work.

emedchill avatar Jan 11 '23 14:01 emedchill