Re: [webauthn] Decoding attestationObject (#1614)

Indeed the public-key that is encoded prior to the extensions is itself CBOR. But the length of those CBOR bytes is given explicitly in the authenticator data, so code can find its extent and pass it precisely to a CBOR parser. You know that it's exactly one CBOR object, as is the extensions map.

You should expect extensions to sometimes exist, even if you don't request any.

https://www.w3.org/TR/2021/REC-webauthn-2-20210408/#sctn-public-key-easy is hopefully helpful here.

-- 
GitHub Notification of comment by agl
Please view or discuss this issue at https://github.com/w3c/webauthn/issues/1614#issuecomment-853329494 using your GitHub account


-- 
Sent via github-notify-ml as configured in https://github.com/w3c/github-notify-ml-config

Received on Wednesday, 2 June 2021 19:34:58 UTC