According to the documentation of Apple's Anonymous Attestation Statement Format (fmt="apple"),
the nonce generated from the authenticatorData the clientDataHash is embedded in an extension with OID ( 1.2.840.113635.100.8.2 ) in the certificate for the credential public key.
If I try to validate a response generated after using touchID from my browser on my iOS14 device, I get a 38-byte value:
Code Block 414:d=5 hl=2 l= 9 prim: OBJECT :1.2.840.113635.100.8.2 425:d=5 hl=2 l= 38 prim: OCTET STRING [HEX DUMP]:3024A1220420D9052FED7AA782C1B416C59B0AE15F309A336E22984E32505307A6339DDE52FD
How can this be a SHA-256 hash value?