Stuck on an issue?

Lightrun Answers was designed to reduce the constant googling that comes with debugging 3rd party libraries. It collects links to all the places you might be looking at while hunting down a tough bug.

And, if you’re still stuck at the end, we’re happy to hop on a call to see how we can help out.

Server throws error `Credential public key was missing numeric alg`

See original GitHub issue

When calling verifyRegistrationResponse(options) on the server, it throws an error: Credential public key was missing numeric alg.

These are the options passed in to startRegistration:

{ "challenge": "RnZ2It6b4y_IoSTeVxZXGmPKsOFAjgf28hhw4XNRSvI", "rp": { "name": "localhost test", "id": "localhost" }, "user": { "id": "61577eb5cb412affc183ed1f", "name": "some@email.addr", "displayName": "some@email.addr" }, "pubKeyCredParams": [ { "alg": -7, "type": "public-key" }, { "alg": -257, "type": "public-key" } ], "timeout": 60000, "attestation": "none", "excludeCredentials": [], "authenticatorSelection": { "authenticatorAttachment": "platform", "userVerification": "required", "requireResidentKey": false }, "extensions": null }

Here’s the response from startRegistration:

{ "id": "AfaNwKs71uoY_YlspvubZqaEt_LYr2-YQkQKG-OlF6g7PabeurAU6fLrNBM96XOAT_S3WNTIhBmUh5XVfSM4oWTz4KVXMMISTfmNKNIE0zEiZ3ZUOLbqDuw", "rawId": "AfaNwKs71uoY_YlspvubZqaEt_LYr2-YQkQKG-OlF6g7PabeurAU6fLrNBM96XOAT_S3WNTIhBmUh5XVfSM4oWTz4KVXMMISTfmNKNIE0zEiZ3ZUOLbqDuw", "response": { "attestationObject": "o2NmbXRkbm9uZWdhdHRTdG10oGhhdXRoRGF0YVjdSZYN5YgOjGh0NBcPZHZgW4_krrmihjLHmVzzuoMdl2NFYi-f063OAAI1vMYKZIsLJfHwVQMAWQH2jcCrO9bqGP2JbKb7m2amhLfy2K9vmEJEChvjpReoOz2m3rqwFOny6zQTPelzgE_0t1jUyIQZlIeV1X0jOKFk8-ClVzDCEk35jSjSBNMxImd2VDi26g7spQECAyYgASFYINTQXIxmC-uQZRryAtgpfpVSJ0BcZbPhWQBW2bt8-cDbIlggaiEFMOfj9zEKWdCOKRwr69tB8Pcvo_2bwVNkrHC1JYA", "clientDataJSON": "eyJ0eXBlIjoid2ViYXV0aG4uY3JlYXRlIiwiY2hhbGxlbmdlIjoiUm5aMkl0NmI0eV9Jb1NUZVZ4WlhHbVBLc09GQWpnZjI4aGh3NFhOUlN2SSIsIm9yaWdpbiI6Imh0dHA6Ly9sb2NhbGhvc3Q6MzAwMCIsImNyb3NzT3JpZ2luIjpmYWxzZX0" }, "type": "public-key", "clientExtensionResults": {}, "transports": [ "internal" ] }

Using @simplewebauthn/browser v4.1.0 & @simplewebauthn/server v4.4.0. Tested on MacBook Pro with TouchID, MacOS Monterey v12.3. Tested with Microsoft Edge v99.0.1150.39, Safari v15.4 (17613.1.17.1.6), virtual WebAuthn on Chrome.

Issue Analytics

State:
Created 2 years ago
Comments:5 (2 by maintainers)

Top GitHub Comments

1reaction

versoworkscommented, Mar 19, 2022

@MasterKale correct; I figured it out and resolved it thusly;

authenticator.credentialPublicKey = Buffer.from(authenticator.credentialPublicKey.data);

Cheers for your help, and apologies for the hassle.

0reactions

MasterKalecommented, Mar 19, 2022

{
  "base64CredentialID": "AVdn1NZ8WwLqz4eMo1-jaYaKr-iNyRa7TtJldlIk5f7UJDwVTwrB6EcqMOCQoMtUb7lIXU4PLsApJHI1YBKlCF1jde0QSZX2eeaOziFNcMacGqqR7DWjpZg",
  "base64PublicKey": "pQECAyYgASFYIJdyqrM2EgNbNsbJP50ttHFEPAzVN7SxBrxSNH5lSS_dIlgg4rUYm69oCjEcts8WRvG-wkcarVi0RS37P80i61ryRto",
  "counter": 1647508282,
  "credentialID": {
    "data": [
      1, 87, 103, 212, 214, 124, 91, 2, 234, 207, 135, 140, 163, 95, 163, 105,
      134, 138, 175, 232, 141, 201, 22, 187, 78, 210, 101, 118, 82, 36, 229,
      254, 212, 36, 60, 21, 79, 10, 193, 232, 71, 42, 48, 224, 144, 160, 203,
      84, 111, 185, 72, 93, 78, 15, 46, 192, 41, 36, 114, 53, 96, 18, 165, 8,
      93, 99, 117, 237, 16, 73, 149, 246, 121, 230, 142, 206, 33, 77, 112, 198,
      156, 26, 170, 145, 236, 53, 163, 165, 152
    ],
    "type": "Buffer"
  },
  "credentialPublicKey": {
    "data": [
      165, 1, 2, 3, 38, 32, 1, 33, 88, 32, 151, 114, 170, 179, 54, 18, 3, 91,
      54, 198, 201, 63, 157, 45, 180, 113, 68, 60, 12, 213, 55, 180, 177, 6,
      188, 82, 52, 126, 101, 73, 47, 221, 34, 88, 32, 226, 181, 24, 155, 175,
      104, 10, 49, 28, 182, 207, 22, 70, 241, 190, 194, 71, 26, 173, 88, 180,
      69, 45, 251, 63, 205, 34, 235, 90, 242, 70, 218
    ],
    "type": "Buffer"
  },
  "devId": "6232fb3b865daceeb00cf5a0",
  "transports": ["internal"]
}

@versoworks The issue is almost certainly that your authenticator argument to verifyAuthenticationResponse() is passing in Objects for credentialID and credentialPublicKey. Did you run JSON.stringify() on them before storing these values after registration? In any case you need to massage those values into Buffers - if you pass those data int arrays into Buffer.from() and pass those into the method instead I’m almost certain it will solve your problem.

Top Results From Across the Web

WebAuthn: Can't create public key. Promise is rejected

I am trying to get WebAuthn set up on our login page. I am to the part where I need to make the...

Web Authentication: An API for accessing Public Key ... - W3C

User goes to server.example.net, authenticates and follows a link to report a lost/stolen authenticator. Server returns a page showing the list ...

oidc-provider API documentation - GitHub

recommendation: Use throw new errors. MissingUserCode('validation error message') when user_code should have been provided but wasn't.

Azure App Configuration REST API - HMAC authentication

Use HMAC to authenticate to Azure App Configuration by using the REST API.

Authentication API - Okta Developer

Primary authentication with public application. Authenticates a user with username/password credentials via a public application. Request example for primary ...