Re: [webauthn] Provide request deserialization, response serialization (#1683)

@nicksteele and I put together a document thinking about this from the WACG side of things and what a dev-friendly API would look like for serializing and deserializing WebAuthn options and responses with **zero external dependencies**:

https://docs.google.com/document/d/e/2PACX-1vTEyAjhn6a3Rqz2KLKcPg7NwoCGO31Lz7E_2zYt8J6Kzey8UUYycv5iukUos5waD4gsml-aEOEs1it0/pub

Below are our current ideas for additions to `PublicKeyCredential` that would enable developers to send/receive **JSON** between the front end and back end, and use **Base64URL** encoding/decoding for values that are `ArrayBuffers` as per the spec (and thus not transmissible as JSON):

## Registration

**Options**
```js
const createOpts = PublicKeyCredential.optionsFromJSON({
  method: 'create',
  options: {
    'challenge': 'N1B3...0Fmw',
    'rp': {
      'name': 'Example RP',
      'id': 'localhost',
    },
    'user': {
      'id': 'internalUserId',
      'name': 'user@localhost',
      'displayName': 'user@localhost',
    },
    'excludeCredentials': [
      {
        'id': 'ASdG...om6A',
        'type': 'public-key',
        'transports': ['internal']
      },
    ],
    // ...
  },
});
const resp = await navigator.credentials.create(createOpts);
```

**Response**
```js
const resp = await navigator.credentials.create(createOpts);
const respJSON = PublicKeyCredential.responseToJSON({
  method: 'create',
  response: resp,
});
// {
//   "id": "XU9x...47qQ",
//   "rawId": "XU9x...47qQ",
//   "response": {
//     "attestationObject": "o2Nm...MjeQ",
//     "clientDataJSON": "eyJ0...zZX0"
//   },
//   "type": "public-key",
//   "clientExtensionResults": {},
//   "transports": ["usb"]
// }
```

## Authentication

**Options**
```js
const getOpts = PublicKeyCredential.optionsFromJSON({
  method: 'get',
  options: {
    'rpId': 'localhost',
    'challenge': 'Ecue...5ZDE',
    'allowCredentials': [
      {
        'id': 'ASdG...om6A',
        'type': 'public-key',
        'transports': ['internal'],
      }
    ],
  },
});
const resp = await navigator.credentials.get(getOpts);
```

**Response**
```js
const resp = await navigator.credentials.get(getOpts);
const respJSON = PublicKeyCredential.responseToJSON({
  method: 'get',
  response: resp,
});
// {
//   "id": "XU9x...47qQ",
//   "rawId": "XU9x...47qQ",
//   "response": {
//     "authenticatorData": "SZYN...AACA",
//     "clientDataJSON": "eyJ0...zZX0",
//     "signature": "MEUC...TzT8"
//   },
//   "type": "public-key",
//   "clientExtensionResults": {}
// }
```

-- 
GitHub Notification of comment by MasterKale
Please view or discuss this issue at https://github.com/w3c/webauthn/issues/1683#issuecomment-1010184085 using your GitHub account


-- 
Sent via github-notify-ml as configured in https://github.com/w3c/github-notify-ml-config

Received on Tuesday, 11 January 2022 17:16:31 UTC
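
A sketch of the Base64URL conversions the comment above proposes, added here as an illustration; it is not code from the comment, the linked document or any browser. The `*Sketch` function names and the `{ publicKey }` return shape are assumptions, and `atob`/`btoa` are assumed to be available (browsers, Node 16+).

```javascript
// Added illustration: hypothetical helpers, not the proposed PublicKeyCredential methods.
// Strict decoding: only the unpadded base64url alphabet is accepted.
function b64urlToBuffer(s) {
  // '+', '/', '=' and whitespace are rejected rather than silently normalised.
  if (typeof s !== 'string' || !/^[A-Za-z0-9_-]*$/.test(s) || s.length % 4 === 1) {
    throw new TypeError('not a base64url string');
  }
  const b64 = s.replace(/-/g, '+').replace(/_/g, '/') + '='.repeat((4 - (s.length % 4)) % 4);
  return Uint8Array.from(atob(b64), (c) => c.charCodeAt(0)).buffer;
}

function bufferToB64url(buf) {
  let bin = '';
  for (const byte of new Uint8Array(buf)) bin += String.fromCharCode(byte);
  return btoa(bin).replace(/\+/g, '-').replace(/\//g, '_').replace(/=+$/, '');
}

// Decode the ArrayBuffer-typed members of the JSON options; other members pass through.
function optionsFromJSONSketch({ method, options }) {
  const descriptor = (d) => ({ ...d, id: b64urlToBuffer(d.id) });
  const publicKey = { ...options, challenge: b64urlToBuffer(options.challenge) };
  if (method === 'create') {
    publicKey.user = { ...options.user, id: b64urlToBuffer(options.user.id) };
    if (options.excludeCredentials) publicKey.excludeCredentials = options.excludeCredentials.map(descriptor);
  } else if (method === 'get') {
    if (options.allowCredentials) publicKey.allowCredentials = options.allowCredentials.map(descriptor);
  } else {
    throw new TypeError('method must be "create" or "get"');
  }
  return { publicKey }; // assumed shape: what navigator.credentials.create()/get() accept
}

// Encode the ArrayBuffer members named in the comment's sample output
// (clientExtensionResults and transports are left out of this sketch).
function responseToJSONSketch({ method, response: cred }) {
  const fields = method === 'create'
    ? ['attestationObject', 'clientDataJSON']
    : ['authenticatorData', 'clientDataJSON', 'signature'];
  const response = {};
  for (const f of fields) response[f] = bufferToB64url(cred.response[f]);
  return { id: cred.id, rawId: bufferToB64url(cred.rawId), response, type: cred.type };
}
```

Rejecting input outside the base64url alphabet keeps a back end that sends standard Base64 by mistake from producing a challenge or credential ID that differs from the one it stored.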