webauthn-ruby icon indicating copy to clipboard operation
webauthn-ruby copied to clipboard
verified publisher icon cedarcode

Set user_handle to nil for non-string data type

Open elquimista opened this issue 2 years ago • 2 comments

Current code expects userHandle value in string data type and it seems to work fine at least for desktop web browsers. I tested with Yubikey 5C NFC and it returns an empty string '' for userHandle. However, when I tested on mobile browsers (e.g., iOS Safari), it is returned with an empty object {} rather than an empty string, which causes an error in the backend code trying to encode a Hash object instead of a String object.

Screenshot 2023-06-07 at 6 25 10 PM

Because of this, I had to do a simple workaround temporarily in one of my client application.

I don't know if this suggestion is a right approach but at least it fixes my problem. Please let me know if there is a better approach. I am not an expert when it comes to webauthn.

elquimista avatar Jun 07 '23 22:06 elquimista

@brauliomartinezlm - I see several PRs open with no response for a while. Is this going to be taken care of at all?

elquimista avatar Jun 09 '23 19:06 elquimista

🤔 returning {} for userHandle does not conform to the specification, it should be an ArrayBuffer according to AuthenticatorAssertionResponse interface.

I noticed in the fix you referenced that for other ArrayBuffers (authenticatorData, signature) in the AuthenticatorAssertionResponse you wrap these in a bufferToBase64url method call. Perhaps that is what it missing? That seems to line up with what the webauthn-json library is doing.

bdewater avatar Nov 10 '23 14:11 bdewater