Re: [webauthn] Use of CBOR, and Uint8Array/ArrayBuffer (#1362)

Thanks for the suggestion, but I'm not sure [webauthn-json](https://github.com/github/webauthn-json) is helpful in this case.

Basically I don't want every website needing these extra dependencies, especially one that has been written in TypeScript (introducing the need for Node.js to compile it).

---

While I'm not completely happy with my implementation yet, I feel like the WebAuthn API should be easier to use - ideally allowing the returned data to be sent directly to the server as normal JSON / Base64 encoded data:

https://github.com/craigfrancis/webauthn-tidy/blob/master/js/webauthn-create.js?ts=4
https://github.com/craigfrancis/webauthn-tidy/blob/master/js/webauthn-check.js?ts=4

This would also make the server side code considerably easier to implement:

https://github.com/craigfrancis/webauthn-tidy

But I must confess, I haven't looked at `attestation` during create() yet, so I'm not sure if my suggestion will work yet (I've just set it to 'none', mostly because I don't think I need it).

And thanks for noting the the mixing of `base64` and `base64Url`, that tripped me up when taking `result.id` from `navigator.credentials.create()`, then later using it for the `publicKey.allowCredentials.id` used with `navigator.credentials.get()`.

As to my `base64_to_uint8array()` function (well, copied from [Goran.it](https://stackoverflow.com/a/21797381/6632), as I've never needed to use Uint8Array before), it seems to be working, so I wonder if I'm using it in a different way than you're expecting?

I should note that this is the 3rd time I've tried to implement WebAuthn, and each time I have to leave it due to other work (I don't want to put something on my websites that I do not understand).

-- 
GitHub Notification of comment by craigfrancis
Please view or discuss this issue at https://github.com/w3c/webauthn/issues/1362#issuecomment-575724688 using your GitHub account

Received on Friday, 17 January 2020 17:40:25 UTC