- From: Nesuma via GitHub <sysbot+gh@w3.org>
- Date: Tue, 16 Jun 2020 16:01:23 +0000
- To: public-webauthn@w3.org
Nesuma has just created a new issue for https://github.com/w3c/webauthn:

== clientDataJSON sent to authenticator? ==

I'm a little confused why under 5.2. Authenticator Responses it says `This attribute contains a JSON serialization of the client data passed to the authenticator by the client in its call to either create() or get().` and why (for registration) pubKeyCred.response.clientDataJSON gets its value from credentialCreationData.clientDataJSONResult instead of clientDataJSON directly when the value is just clientDataJSON copied a few steps earlier and there is no real clientDataJSON**result**.

In the algorithms of 5.1.3 and 5.1.4 only the clientDataHash is passed to the authenticator. The CTAP specification also expects only the hash.

Researching didn't solve my problem:

https://developer.mozilla.org/en-US/docs/Web/API/Web_Authentication_API
`only a hash is sent because the link to the authenticator may be a low-bandwidth`

https://webauthn.guide/
`clientDataJSON: This represents data passed from the browser to the authenticator`

https://developers.yubico.com/WebAuthn/WebAuthn_Developer_Guide/WebAuthn_Client_Authentication.html
`The clientDataJSON contains the JSON-serialized data passed to the authenticator by the client in order to generate the credential`

What am I missing, or are these problems just artifacts of an earlier version of webauthn?

Please view or discuss this issue at https://github.com/w3c/webauthn/issues/1442 using your GitHub account
Received on Tuesday, 16 June 2020 16:01:27 UTC
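
An added example (not part of the issue or of the WebAuthn specification text) of the get() flow the issue refers to in 5.1.4: the client keeps clientDataJSON for the Relying Party and hands only its SHA-256 hash to the authenticator, and the Relying Party recomputes that hash from the bytes it receives. The function names, key pair, challenge, origin and authenticatorData are constructed for illustration, and Node.js's built-in crypto module is assumed.

```javascript
// Added illustration: helper names and sample values are constructed, not spec text.
const { createHash, generateKeyPairSync, sign, verify } = require('node:crypto');

const sha256 = (data) => createHash('sha256').update(data).digest();

// Client (browser): serializes the client data, keeps the JSON bytes for the
// Relying Party, and derives the 32-byte hash that goes to the authenticator.
function clientCollect(challenge, origin) {
  const clientDataJSON = Buffer.from(JSON.stringify(
    { type: 'webauthn.get', challenge, origin, crossOrigin: false }), 'utf8');
  return { clientDataJSON, clientDataHash: sha256(clientDataJSON) };
}

// Authenticator: receives only the hash and signs authenticatorData || clientDataHash.
function authenticatorGetAssertion(privateKey, authenticatorData, clientDataHash) {
  return sign('sha256', Buffer.concat([authenticatorData, clientDataHash]), privateKey);
}

// Relying Party: checks the fields inside clientDataJSON, then recomputes the
// hash from the bytes exactly as received and verifies the signature over it.
function rpVerify(publicKey, expected, response) {
  const c = JSON.parse(response.clientDataJSON.toString('utf8'));
  if (c.type !== 'webauthn.get' || c.challenge !== expected.challenge ||
      c.origin !== expected.origin) return false;
  const signedData = Buffer.concat(
    [response.authenticatorData, sha256(response.clientDataJSON)]);
  return verify('sha256', signedData, publicKey, response.signature);
}

function demo() {
  const { publicKey, privateKey } = generateKeyPairSync('ec', { namedCurve: 'P-256' });
  // Constructed values: base64url challenge and a placeholder origin.
  const expected = { challenge: 'Y29uc3RydWN0ZWQtY2hhbGxlbmdl', origin: 'https://rp.example' };
  // Constructed authenticatorData: rpIdHash (32) || flags (UP) || signCount (4).
  const authenticatorData = Buffer.concat([sha256('rp.example'), Buffer.from([0x01, 0, 0, 0, 1])]);
  const { clientDataJSON, clientDataHash } = clientCollect(expected.challenge, expected.origin);
  const signature = authenticatorGetAssertion(privateKey, authenticatorData, clientDataHash);
  const ok = rpVerify(publicKey, expected, { clientDataJSON, authenticatorData, signature });
  // Same fields, different bytes: re-serializing the JSON changes the hash,
  // so a verifier must hash the received bytes, not a re-encoded copy.
  const reserialized = Buffer.from(JSON.stringify(JSON.parse(clientDataJSON), null, 1));
  const reserializedOk = rpVerify(publicKey, expected,
    { clientDataJSON: reserialized, authenticatorData, signature });
  return { hashLength: clientDataHash.length, ok, reserializedOk };
}
```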