Improved version of extension for Transaction Confirmation

[rlin1]

supporting security keys or platform authenticators to show the transaction. Also supports the platform to show the transaction text. If the client displayed the transaction text but not the authenticator (for example when using a security without display), the transaction text will be only included in the collectedClientData - similar to what SPC is doing. If the authenticator showed the transaction text, it will also be included in the extension that was signed by the authenticator (known and potentially attested entity showed the transaction text as opposed to a unknown client).

---

Preview | Diff