vertx-auth icon indicating copy to clipboard operation
vertx-auth copied to clipboard

Published 20 hours ago verified publisher icon eclipse-vertx

webauthn: implement proper support for extensions + validation

Open pmlopes opened this issue 3 years ago • 1 comments

WebAuthn Level 2, defines a set of core extensions. While the current API does allow specifying extensions, there is no way to tell if the extension is for registration and/or authentication. It is also not possible to process and validate any extension response.

See: https://www.w3.org/TR/webauthn-2/#sctn-defined-extensions

pmlopes avatar Feb 02 '22 10:02 pmlopes

Currently the extensions are just a map on the options object. This should be deprecated (as it's currently a NOOP feature) and we should define a codegen interface/data object for extensions:

The shape of this object should include:

  • a name
  • a use (registration, authentication, both)
  • a value (this could be anything: boolean, String, JSONObject, ...)
  • a validator function

The JavaScript companion library should also extract the extension results and post them back to the library so it can validate the responses.

pmlopes avatar Feb 02 '22 11:02 pmlopes