- From: Craig Francis via GitHub <sysbot+gh@w3.org>
- Date: Thu, 23 Jan 2020 08:26:48 +0000
- To: public-webauthn@w3.org
Actually, call the method `navigator.credentials.parseAuthData(result)`, where it takes the result of calling `create()` or `get()`, and returns something like:
{
"rpIdHash": "afb64c14d8723ef066d1e108dd60adec30447611664958a5587cdf806ba5ab6b",
"flags": {
"UP": true,
"RFU1": false,
"UV": false,
"RFU2a": false,
"RFU2b": false,
"RFU2c": false,
"AT": true,
"ED": false
},
"signCount": 0,
"attestedCredentialData": {
"aaguid": "AAAAAAAAAAAAAAAAAAAAAA==",
"credentialId": "mGYJM5RrXM1b",
"publicKey": {
"type": 2,
"algorithm": -7,
"curve_type": 1,
"curve_x": "uELJlQrFdsxGjthRcbrcNwMKDGbsaEoP4T5T6JBdGQM=",
"curve_y": "XBZY+ZCfmnQia65ZO17sHuD0FkUoAwIbE39G/EfChjI="
}
"publicKeyPem": "-----BEGIN PUBLIC KEY-----\nMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEuELJlQrFdsxGjthRcbrcNwMKDGbs\naEoP4T5T6JBdGQNcFlj5kJ+adCJrrlk7Xuwe4PQWRSgDAhsTf0b8R8KGMg==\n-----END PUBLIC KEY-----"
},
"extensions": null
}
So everyone can easily get all of the data out of `result.response.attestationObject.authData`, and when it comes to `create()`, it includes a human readable version of `publicKeyBytes`, and a PEM formatted version of `publicKeyBytes` (which I believe most websites will be able to use directly).
--
GitHub Notification of comment by craigfrancis
Please view or discuss this issue at https://github.com/w3c/webauthn/issues/1363#issuecomment-577576815 using your GitHub account
Received on Thursday, 23 January 2020 08:26:50 UTC