Re: [webauthn] New PublicKeyCredential methods for JSON (de)serialization (#1703)

From: David Waite via GitHub <sysbot+gh@w3.org>
Date: Sat, 18 Jun 2022 15:16:11 +0000
To: public-webauthn@w3.org
Message-ID: <issue_comment.created-1159481856-1655565369-sysbot+gh@w3.org>

> * During both creation and authentication, the `response.clientDataJSON` contains a raw JSON-encoded string. So it would be better to parse this ArrayBuffer directly (like `{"type":"webauthn.create","challenge":"ZmFrZS1pZC05ZDFqazgwa251NA","origin":"http://localhost:63342","crossOrigin":false}`) instead of re-encoding this string into base64url.

Speaking to this one, the `clientDataJSON` is part of the signed response, so any changes to white space, ordering, or Unicode canonicalization will ruin the response. Hence it is sent as binary rather than as a JSON structure or stringified JSON text. 

GitHub Notification of comment by dwaite
Please view or discuss this issue at https://github.com/w3c/webauthn/pull/1703#issuecomment-1159481856 using your GitHub account

Received on Saturday, 18 June 2022 15:16:13 UTC
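
The point made in the reply above, as an added example that is not part of the original message or of the WebAuthn specification text: a signature over `authenticatorData || SHA-256(clientDataJSON)` still verifies after a base64url round trip of the bytes, but not after a parse-and-re-serialize step that only reorders keys. The key pair, the `authenticatorData` stand-in, and the helper names `viaBase64url` and `viaReserialize` are assumptions made for the demonstration.

```javascript
const nodeCrypto = require('node:crypto');

// clientDataJSON text taken from the quoted comment, as the exact bytes the client emitted.
const clientDataJSON = Buffer.from(
  '{"type":"webauthn.create","challenge":"ZmFrZS1pZC05ZDFqazgwa251NA",' +
  '"origin":"http://localhost:63342","crossOrigin":false}', 'utf8');

// Constructed stand-in for authenticatorData (37 bytes: rpIdHash, flags, signCount).
const authenticatorData = Buffer.alloc(37, 0x01);

// Hypothetical authenticator key pair, generated here for the demo only.
const { publicKey, privateKey } =
  nodeCrypto.generateKeyPairSync('ec', { namedCurve: 'P-256' });

// The signed message: authenticatorData || SHA-256(clientDataJSON bytes).
function signedBytes(authData, clientDataBytes) {
  const hash = nodeCrypto.createHash('sha256').update(clientDataBytes).digest();
  return Buffer.concat([authData, hash]);
}

// Relying-party side check against the demo public key.
function verifySignature(authData, clientDataBytes, signature) {
  return nodeCrypto.verify(
    'sha256', signedBytes(authData, clientDataBytes), publicKey, signature);
}

// Authenticator side: sign over the bytes exactly as emitted.
const signature = nodeCrypto.sign(
  'sha256', signedBytes(authenticatorData, clientDataJSON), privateKey);

// Transport A: treat the value as opaque bytes and carry it as base64url.
function viaBase64url(bytes) {
  return Buffer.from(bytes.toString('base64url'), 'base64url');
}

// Transport B (assumed intermediary): parse, then re-serialize with sorted keys.
// The JSON value is unchanged, but the byte sequence is not.
function viaReserialize(bytes) {
  const obj = JSON.parse(bytes.toString('utf8'));
  const sorted = Object.fromEntries(
    Object.keys(obj).sort().map((k) => [k, obj[k]]));
  return Buffer.from(JSON.stringify(sorted), 'utf8');
}

console.log('base64url round trip verifies:',
  verifySignature(authenticatorData, viaBase64url(clientDataJSON), signature));
console.log('re-serialized JSON verifies:',
  verifySignature(authenticatorData, viaReserialize(clientDataJSON), signature));
```
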