Nesuma has just created a new issue for https://github.com/w3c/webauthn: == clientDataJSON sent to authenticator? == I'm a little confused why under 5.2. Authenticator Responses is says `This attribute contains a JSON serialization of the client data passed to the authenticator by the client in its call to either create() or get().` and why (for registration) pubKeyCred.response.clientDataJSON gets its value from credentialCreationData.clientDataJSONResult instead of clientDataJSON directly when the value is just clientDataJSON copied a few steps earlier and there is no real clientDataJSON**result**. In the algorithms of 5.1.3 and 5.1.4 only the clientDataHash is passed to the authenticator. The CTAP specification also expects only the hash. Researching didn't solve my problem: https://developer.mozilla.org/en-US/docs/Web/API/Web_Authentication_API `only a hash is sent because the link to the authenticator may be a low-bandwidth` https://webauthn.guide/ `clientDataJSON: This represents data passed from the browser to the authenticator` https://developers.yubico.com/WebAuthn/WebAuthn_Developer_Guide/WebAuthn_Client_Authentication.html `The clientDataJSON contains the JSON-serialized data passed to the authenticator by the client in order to generate the credential` What am I missing or are these problems just artifacts of an earlier version of webauthn? Please view or discuss this issue at https://github.com/w3c/webauthn/issues/1442 using your GitHub accountReceived on Tuesday, 16 June 2020 16:01:27 UTC
This archive was generated by hypermail 2.4.0 : Tuesday, 5 July 2022 07:26:40 UTC