Feature proposal: use a custom function to validate the challenge in verifyAuthenticationResponse
It’d be useful to provide a custom challenge validation function instead of the raw expectedChallenge:
type ChallengeValidator = (challenge: string) => boolean;
Why: the challenge is the only arbitrary data that is signed with WebAuthn. Its content looks like this in my case:
base64url(JSON.stringify({
  "actualChallenge": "<big random value>",
  "arbitraryDataThatMustBeSignedForOtherPurposes": {
    "data1": "....",
  }
}))
Only actualChallenge is stored and used as a nonce, and needs to be verified.
Issue Analytics
- State:
- Created 2 years ago
- Comments:8 (6 by maintainers)
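One way to write the ChallengeValidator proposed above for a base64url(JSON) challenge of this shape, as an added example that is not code from the issue or from SimpleWebAuthn. The names makeChallengeValidator and encodeChallenge are hypothetical, and the stored nonce is assumed to be a non-empty string.

```typescript
import { Buffer } from "node:buffer";
import { timingSafeEqual } from "node:crypto";

// Type proposed in the issue.
type ChallengeValidator = (challenge: string) => boolean;

// Hypothetical helper: builds the base64url(JSON) challenge described in the issue.
function encodeChallenge(actualChallenge: string, data: unknown): string {
  const payload = {
    actualChallenge,
    arbitraryDataThatMustBeSignedForOtherPurposes: data,
  };
  return Buffer.from(JSON.stringify(payload), "utf8").toString("base64url");
}

// Hypothetical factory: returns a validator bound to the nonce stored server-side.
function makeChallengeValidator(storedNonce: string): ChallengeValidator {
  return (challenge: string): boolean => {
    // An empty stored nonce would match an empty claimed nonce; reject it.
    if (storedNonce.length === 0) return false;

    let parsed: unknown;
    try {
      parsed = JSON.parse(Buffer.from(challenge, "base64url").toString("utf8"));
    } catch {
      return false; // not base64url-encoded JSON
    }
    if (typeof parsed !== "object" || parsed === null) return false;

    const nonce = (parsed as Record<string, unknown>).actualChallenge;
    if (typeof nonce !== "string") return false;

    // Constant-time comparison; timingSafeEqual requires equal lengths.
    const claimed = Buffer.from(nonce, "utf8");
    const expected = Buffer.from(storedNonce, "utf8");
    return claimed.length === expected.length && timingSafeEqual(claimed, expected);
  };
}
```

The validator only confirms the nonce; invalidating the stored nonce after one use and checking the extra signed data remain the application's job.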
@antogyn I’m happy to report that I’ve just published @simplewebauthn/server@4.4.0 with support for arbitrary data signing during authentication as well. Please see CHANGELOG.md for more info.
@antogyn I finally woke up, and then created #172 to add this feature. I’ll probably cut a release after the weekend.