HashAlgorithm in clientDataJSON is not filled
Reported by
nickelst...@gmail.com,
Jan 27 2018
|
||||
Issue description
Chrome Version : 66.0.3332.0 (Official Build) canary (64-bit)
URLs (if applicable) : webauthn.io
Other browsers tested:
Add OK or FAIL, along with the version, after other browsers where you
have tested this issue:
Safari: FAIL
Firefox: OK
Edge: FAIL
What steps will reproduce the problem?
(1) Go to webauthn.io or run your own server from the code available at https://github.com/duo-labs/webauthn.
(2) Attempt to create a credential. It will fail.
(3) The reason it fails (reading the backend logs) is because the HashAlgorithm field is never set. You can see this output yourself by running the code available at https://github.com/duo-labs/webauthn.
What is the expected result?
HashAlgorithm field should be set to "SHA-256" or "SHA-512"
What happens instead?
The server must fail the web authentication request because the field is not set to either of these values.
Please provide any additional information below. Attach a screenshot if
possible.
The request also fails in a local dev environment because Chrome does not trust requests coming from 127.0.0.1:<my port> but this can be circumvented by standing up the code on an actual domain with SSL.
,
Jan 29 2018
,
Jan 30 2018
I'm guessing this can be closed as WAI.
,
Jan 31 2018
As per comment #3, closing this issue as Dev has confirmed that this issue is working as intended. Please feel free to raise a new bug if the issue is seen on the latest Chrome builds. Thanks.. |
||||
►
Sign in to add a comment |
||||
Comment 1 by kpaulhamus@chromium.org
, Jan 27 2018