- From: Emil Lundberg via GitHub <noreply@w3.org>
- Date: Tue, 21 Oct 2025 14:58:10 +0000
- To: public-webauthn@w3.org
Hi! Just to help me understand what problem you're facing: are you implementing an authenticator (which signs the hash of `clientDataJSON`), a client (which constructs `clientDataJSON`) or a Relying Party (which validates `clientDataJSON` and verifies the signature over it)? The `"extraData"` field is included in some of the test vectors (decided pseudo-randomly) in order to discourage RPs from matching `clientDataJSON` against an exhaustive template, since that would be forward-incompatible in case fields are added in the future. This mimics Google Chrome's behaviour of randomly adding `"extra_keys_may_be_added_here":"do not compare clientDataJSON against a template. See https://goo.gl/yabPex"` to `clientDataJSON`. These `"extraData"` and `"extra_keys_may_be_added_here"` fields do not need to be processed by authenticators or RPs, apart from them being part of the data that is cryptographically signed. Thus, if you are implementing an authenticator or an RP, you do not need to worry about how the `"extraData"` value in the test vectors is constructed. Your tests can simply copy the `clientDataJSON` value from the test vector into your test suite. If you are implementing a client and wish to reproduce `clientDataJSON` exactly to validate your implementation, then yes, you would need to include `"extraData"` to get an exact match. As you can see in the code you pointed out, the value is a constant prefix followed by the base64url encoding of the `extra_client_data` value listed in the test vector set. Note that the test vector set lists `extra_client_data` in hexadecimal form rather than base64url, so it appears different than in `clientDataJSON`, but it's the same binary data. Does that help? -- GitHub Notification of comment by emlun Please view or discuss this issue at https://github.com/w3c/webauthn/issues/2345#issuecomment-3427129046 using your GitHub account -- Sent via github-notify-ml as configured in https://github.com/w3c/github-notify-ml-config
Received on Tuesday, 21 October 2025 14:58:11 UTC