Re: [webauthn] Provide the public key in `AuthenticatorAttestationResponse` (#1363)

Actually, call the method `navigator.credentials.parseAuthData(result)`, where it takes the result of calling `create()` or `get()`, and returns something like:

        "rpIdHash": "afb64c14d8723ef066d1e108dd60adec30447611664958a5587cdf806ba5ab6b",
        "flags": {
            "UP": true,
            "RFU1": false,
            "UV": false,
            "RFU2a": false,
            "RFU2b": false,
            "RFU2c": false,
            "AT": true,
            "ED": false
        "signCount": 0,
        "attestedCredentialData": {
            "aaguid": "AAAAAAAAAAAAAAAAAAAAAA==",
            "credentialId": "mGYJM5RrXM1b",
            "publicKey": {
                "type": 2,
                "algorithm": -7,
                "curve_type": 1,
                "curve_x": "uELJlQrFdsxGjthRcbrcNwMKDGbsaEoP4T5T6JBdGQM=",
                "curve_y": "XBZY+ZCfmnQia65ZO17sHuD0FkUoAwIbE39G/EfChjI="
            "publicKeyPem": "-----BEGIN PUBLIC KEY-----\nMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEuELJlQrFdsxGjthRcbrcNwMKDGbs\naEoP4T5T6JBdGQNcFlj5kJ+adCJrrlk7Xuwe4PQWRSgDAhsTf0b8R8KGMg==\n-----END PUBLIC KEY-----"
        "extensions": null

So everyone can easily get all of the data out of `result.response.attestationObject.authData`, and when it comes to `create()`, it includes a human readable version of `publicKeyBytes`, and a PEM formatted version of `publicKeyBytes` (which I believe most websites will be able to use directly).

GitHub Notification of comment by craigfrancis
Please view or discuss this issue at using your GitHub account

Received on Thursday, 23 January 2020 08:26:50 UTC