Re: [webauthn] New PublicKeyCredential methods for JSON (de)serialization (#1703)

> * During both creation and authentication, the `response.clientDataJSON` contains a raw JSON encoded string. So it would be better to parse this ArrayBuffer directly (like `{"type":"webauthn.create","challenge":"ZmFrZS1pZC05ZDFqazgwa251NA","origin":"http://localhost:63342","crossOrigin":false}`) instead of re-encoding this string into base64url.

Speaking to this one, the `clientDataJSON` is part of the signed response, so any changes to white space, ordering, or Unicode canonicalization will ruin the response. Hence it is sent as binary rather than as a JSON structure or stringified JSON text. 



-- 
GitHub Notification of comment by dwaite
Please view or discuss this issue at https://github.com/w3c/webauthn/pull/1703#issuecomment-1159481856 using your GitHub account


Received on Saturday, 18 June 2022 15:16:13 UTC
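
The point made in the comment above, as an added example that is not part of the original message or of the WebAuthn specification text: a signature checked over the received `clientDataJSON` bytes verifies, while the same data re-serialized with different key order or whitespace does not. It assumes the signature input WebAuthn uses for assertions (authenticator data followed by the SHA-256 of the `clientDataJSON` bytes); the key pair, the authenticator data and the helper names are constructed for illustration.

```javascript
const { createHash, generateKeyPairSync, sign, verify } = require('node:crypto');

// Constructed sample: the clientDataJSON text quoted above, as the raw bytes the client sends.
const clientDataJSON = Buffer.from(
  '{"type":"webauthn.create","challenge":"ZmFrZS1pZC05ZDFqazgwa251NA",' +
  '"origin":"http://localhost:63342","crossOrigin":false}', 'utf8');

// Constructed stand-ins for an authenticator: a P-256 key pair and 37 bytes of authenticator data.
const { publicKey, privateKey } = generateKeyPairSync('ec', { namedCurve: 'P-256' });
const authenticatorData = Buffer.alloc(37, 0x01);

// Signature input (assumed, see lead-in): authenticatorData || SHA-256(clientDataJSON bytes).
function signedMessage(authData, clientDataBytes) {
  const clientDataHash = createHash('sha256').update(clientDataBytes).digest();
  return Buffer.concat([authData, clientDataHash]);
}

// Simulated authenticator output over the original bytes.
const signature = sign('sha256', signedMessage(authenticatorData, clientDataJSON), privateKey);

// Hypothetical relying-party helper: verify over whatever bytes it was handed.
function verifySignature(clientDataBytes) {
  return verify('sha256', signedMessage(authenticatorData, clientDataBytes), publicKey, signature);
}

// Re-serializations a JSON transport layer could produce: same data, different bytes.
const parsed = JSON.parse(clientDataJSON.toString('utf8'));
const sortedKeys = Buffer.from(JSON.stringify(parsed, Object.keys(parsed).sort()), 'utf8');
const indented = Buffer.from(JSON.stringify(parsed, null, 2), 'utf8');

function results() {
  const reparsed = JSON.parse(indented.toString('utf8'));
  return {
    rawBytes: verifySignature(clientDataJSON),  // bytes exactly as received
    sortedKeys: verifySignature(sortedKeys),    // key order changed
    indented: verifySignature(indented),        // whitespace changed
    // The re-serialized form still carries identical field values.
    sameData: Object.keys(parsed).every((k) => reparsed[k] === parsed[k]),
  };
}

console.log(results());
```

A relying party therefore keeps the received bytes for hashing and parses a copy of them only to check `type`, `challenge` and `origin`.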