Error in verifyAttestationResponse when using apple format and FaceID/TouchID sometimes not showing up
There is an error thrown in verifyAssertionOptions
when using Apple FaceID to solve the attestation request.
Attestation options:
{
challenge: 'VNT_3_E2tFGe4NUoLRdJhsztnVMbI_98Vr3GgMmRVlg',
rp: { name: 'IPS Hosting', id: 'ips-hosting.eu.ngrok.io' },
user: { id: '21', name: 'P4sca1', displayName: 'P4sca1' },
pubKeyCredParams: [
{ alg: -7, type: 'public-key' },
{ alg: -8, type: 'public-key' },
{ alg: -36, type: 'public-key' },
{ alg: -37, type: 'public-key' },
{ alg: -38, type: 'public-key' },
{ alg: -39, type: 'public-key' },
{ alg: -257, type: 'public-key' },
{ alg: -258, type: 'public-key' },
{ alg: -259, type: 'public-key' }
],
timeout: 60000,
attestation: 'direct',
excludeCredentials: [],
authenticatorSelection: { userVerification: 'discouraged' },
extensions: undefined
}
Attestation response (SimpleWebAuthn Debugger link)
{
id: '24qeQ_g9SbjwmEdgagzhrzhN_DI',
rawId: '24qeQ_g9SbjwmEdgagzhrzhN_DI',
response: {
attestationObject: 'o2NmbXRlYXBwbGVnYXR0U3RtdKJjYWxnJmN4NWOCWQJIMIICRDCCAcmgAwIBAgIGAXUUh_QAMAoGCCqGSM49BAMCMEgxHDAaBgNVBAMME0FwcGxlIFdlYkF1dGhuIENBIDExEzARBgNVBAoMCkFwcGxlIEluYy4xEzARBgNVBAgMCkNhbGlmb3JuaWEwHhcNMjAxMDA5MjIwMDU1WhcNMjAxMDEyMjIwMDU1WjCBkTFJMEcGA1UEAwxANjEyMTQyMmNmNWY1MWNhMWQ4NTIyZDEwZDlhYzY3OGYxZjNjNTRhYjBmZDk5M2ViZWI2NDI3NzY4NDY2NjNhNjEaMBgGA1UECwwRQUFBIENlcnRpZmljYXRpb24xEzARBgNVBAoMCkFwcGxlIEluYy4xEzARBgNVBAgMCkNhbGlmb3JuaWEwWTATBgcqhkjOPQIBBggqhkjOPQMBBwNCAAQ7qQ-_z-C1n5CYXuYzYNrWt9NCPpfO2i7Kisiu-5IHwyFFwOTpEmCIoNvlHZnBnKeLmTJ8zQh85cv0gI7iKNRWo1UwUzAMBgNVHRMBAf8EAjAAMA4GA1UdDwEB_wQEAwIE8DAzBgkqhkiG92NkCAIEJjAkoSIEIO3z3p0sNCSsTheri1FqVoEfQ9uLJGXnsrfHile9fwgjMAoGCCqGSM49BAMCA2kAMGYCMQD6TBLDKVkZBicGfFjk44cq_ZbnaW9blEdt3w0Auk4RDDt4HCK70iQFg2_DbmSP3RECMQDJDtmxXuTM-RljP2H50AOAbLKbLvSQNMHLbEe9TqAQe1Yq-D0uqf_l5CuCE04pVJVZAjgwggI0MIIBuqADAgECAhBWJVOVx6f7QOviKNgmCFO2MAoGCCqGSM49BAMDMEsxHzAdBgNVBAMMFkFwcGxlIFdlYkF1dGhuIFJvb3QgQ0ExEzARBgNVBAoMCkFwcGxlIEluYy4xEzARBgNVBAgMCkNhbGlmb3JuaWEwHhcNMjAwMzE4MTgzODAxWhcNMzAwMzEzMDAwMDAwWjBIMRwwGgYDVQQDDBNBcHBsZSBXZWJBdXRobiBDQSAxMRMwEQYDVQQKDApBcHBsZSBJbmMuMRMwEQYDVQQIDApDYWxpZm9ybmlhMHYwEAYHKoZIzj0CAQYFK4EEACIDYgAEgy6HLyYUkYECJbn1_Na7Y3i19V8_ywRbxzWZNHX9VJBE35v-GSEXZcaaHdoFCzjUUINAGkNPsk0RLVbD4c-_y5iR_sBpYIG--Wy8d8iN3a9Gpa7h3VFbWvqrk76cCyaRo2YwZDASBgNVHRMBAf8ECDAGAQH_AgEAMB8GA1UdIwQYMBaAFCbXZNnFeMJaZ9Gn3msS0Btj8cbXMB0GA1UdDgQWBBTrroLE_6GsW1HUzyRhBQC-Y713iDAOBgNVHQ8BAf8EBAMCAQYwCgYIKoZIzj0EAwMDaAAwZQIxAN2LGjSBpfrZ27TnZXuEHhRMJ7dbh2pBhsKxR1dQM3In7-VURX72SJUMYy5cSD5wwQIwLIpgRNwgH8_lm8NNKTDBSHhR2WDtanXx60rKvjjNJbiX0MgFvvDH94sHpXHG6A4HaGF1dGhEYXRhWJgBpwTFUgYt_G45iIlHM9dA5ir7lBILi7_AbJl0nYyG-UUAAAAAAAAAAAAAAAAAAAAAAAAAAAAU24qeQ_g9SbjwmEdgagzhrzhN_DKlAQIDJiABIVggO6kPv8_gtZ-QmF7mM2Da1rfTQj6XztouyorIrvuSB8MiWCAhRcDk6RJgiKDb5R2ZwZyni5kyfM0IfOXL9ICO4ijUVg',
clientDataJSON: 'eyJ0eXBlIjoid2ViYXV0aG4uY3JlYXRlIiwiY2hhbGxlbmdlIjoiVk5UXzNfRTJ0RkdlNE5Vb0xSZEpoc3p0blZNYklfOThWcjNHZ01tUlZsZyIsIm9yaWdpbiI6Imh0dHBzOi8vaXBzLWhvc3RpbmcuZXUubmdyb2suaW8ifQ'
},
type: 'public-key'
}
Error:
Error: Cannot get schema for 'Certificate' target
at AsnSchemaStorage.get (/Users/pascal/code/ips-hosting/node_modules/@simplewebauthn/server/node_modules/@peculiar/asn1-schema/build/cjs/schema.js:17:19)
at Function.fromASN (/Users/pascal/code/ips-hosting/node_modules/@simplewebauthn/server/node_modules/@peculiar/asn1-schema/build/cjs/parser.js:38:52)
at Function.parse (/Users/pascal/code/ips-hosting/node_modules/@simplewebauthn/server/node_modules/@peculiar/asn1-schema/build/cjs/parser.js:28:26)
at Object.verifyApple [as default] (/Users/pascal/code/ips-hosting/node_modules/@simplewebauthn/server/src/attestation/verifications/verifyApple.ts:40:36)
at processTicksAndRejections (internal/process/task_queues.js:97:5)
at Object.verifyAttestationResponse (/Users/pascal/code/ips-hosting/node_modules/@simplewebauthn/server/src/attestation/verifyAttestationResponse.ts:198:16)
at Function.verifyAttestationResponse (/Users/pascal/code/ips-hosting/apps/api/src/controllers/auth/two-step-verification/web-authn.ts:72:47)
at /Users/pascal/code/ips-hosting/apps/api/src/router/auth/two-step-verifiation/web-authn.ts:85:24
Also I noticed that you need to start the attestation 2 times to be able to use FaceID. In the first attempt, Safari only asks for a security key. Only when you cancel and restart the attestation, you can select from security key and FaceID. I don't know whether this is an issue with the attestation options or with Safari.
Issue Analytics
- State:
- Created 3 years ago
- Comments:19 (17 by maintainers)
For face/touch ID to show up in the dialog, the webauthn create/get methods need to be called in a handler that is user initiated, e.g. in a click handler. If you call these methods automatically (on load) it will only show the security key option.
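The pattern described in the comment above, as an added example that is not code from the issue or from SimpleWebAuthn: `credentials.create()` is started from a click handler instead of at page load. `wireRegistration`, the `#register` element id and `window.registrationOptions` are hypothetical names, and the options object is assumed to already hold `challenge` and `user.id` as ArrayBuffers.

```javascript
// Added example; wireRegistration and its parameters are hypothetical names.
// `credentials` is navigator.credentials in a browser. `options` is assumed to be
// a PublicKeyCredentialCreationOptions object ready to hand to the browser.
function wireRegistration(button, credentials, options, onDone) {
  let pending = false;

  // Deliberately not done here: calling credentials.create() at load time.
  // Per the comment above, the dialog then shows only the security key option.
  button.addEventListener('click', async () => {
    if (pending) return; // ignore clicks while a ceremony is already open
    pending = true;
    try {
      // create() is started directly by the user's click.
      const credential = await credentials.create({ publicKey: options });
      onDone({ ok: true, credential });
    } catch (err) {
      // NotAllowedError covers a cancelled or timed-out prompt.
      onDone({ ok: false, reason: err.name });
    } finally {
      pending = false;
    }
  });
}

// Browser wiring; skipped when no DOM is present (for example under Node).
if (typeof document !== 'undefined' && typeof navigator !== 'undefined') {
  const btn = document.querySelector('#register'); // hypothetical element id
  if (btn) {
    wireRegistration(btn, navigator.credentials, window.registrationOptions,
      (result) => console.log(result));
  }
}
```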
Sorry, didn’t have time to test this. I will open a new issue if the issue occurs again. Thanks for your effort!