Hi,
I'm playing with the new improvements to the ASAuthorizationController allowing to leverage WebAuthn API (e.g. ASAuthorizationPlatformPublicKeyCredentialRegistration and ASAuthorizationPlatformPublicKeyCredentialAssertion).
I've spotted an odd behaviour when validating assert requests.
Here is a small snippet of what's happening in my app:

    // requesting assertion
    let publicKeyCredentialProvider = ASAuthorizationPlatformPublicKeyCredentialProvider(
        relyingPartyIdentifier: response.rp.id
    )
    let assertionRequest = publicKeyCredentialProvider.createCredentialAssertionRequest(challenge: response.challenge)
    ...
    // in delegate `assertRequest` is being sent to the server
    let assertRequest = AssertRequest(
        user: user,
        signature: credentialAssertion.signature,
        authData: credentialAssertion.rawAuthenticatorData,
        clientData: credentialAssertion.rawClientDataJSON,
        userId: credentialAssertion.userID
    )

According to "5.1.4 Use an Existing Credential to Make an Assertion - PublicKeyCredential’s [[Get]] Method" of the WebAuthn spec, the ClientData field should contain type "webauthn.get", but it looks like it always has the "webauthn.create" value and fails my validation.
Has anyone else experienced a similar issue? I was testing my app on the latest Xcode 13 beta2 and running the app on iOS 15 beta2.
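
The relying-party checks that the post's validation touches, as an added example that is not part of the original post or of Apple's API: it goes beyond the `type` field to the challenge, origin, rpIdHash and user-present checks on the same `clientData` and `authData` values, and leaves out signature verification. The function names, the Python server side and all sample values are assumptions constructed for illustration.

```python
import base64
import hashlib
import hmac
import json

UP_FLAG = 0x01  # "user present" bit in the authenticator data flags byte
# Constructed sample values, not captured from a real device.
RP_ID, ORIGIN, CHALLENGE = "example.com", "https://example.com", b"constructed-challenge"
SAMPLE_AUTH_DATA = hashlib.sha256(RP_ID.encode()).digest() + bytes([UP_FLAG]) + bytes(4)


def sample_client_data(type_value):
    """Build a constructed clientDataJSON with the given type (hypothetical helper)."""
    challenge = base64.urlsafe_b64encode(CHALLENGE).rstrip(b"=").decode()
    return json.dumps({"type": type_value, "challenge": challenge, "origin": ORIGIN}).encode()


def check_assertion(client_data_json, auth_data, challenge, origin, rp_id):
    """Return a list of failed checks; an empty list means all checks passed."""
    errors = []
    client_data = json.loads(client_data_json.decode("utf-8"))
    # An assertion must carry "webauthn.get"; "webauthn.create" belongs to registration.
    if client_data.get("type") != "webauthn.get":
        errors.append(f"type is {client_data.get('type')!r}, expected 'webauthn.get'")
    # The challenge is unpadded base64url and must match the one the server issued.
    encoded = client_data.get("challenge", "")
    try:
        received = base64.urlsafe_b64decode(encoded + "=" * (-len(encoded) % 4))
    except ValueError:
        received = b""
    if not hmac.compare_digest(received, challenge):
        errors.append("challenge mismatch")
    if client_data.get("origin") != origin:
        errors.append("origin mismatch")
    # Authenticator data layout: 32-byte rpIdHash, 1 flags byte, 4-byte signature counter.
    if len(auth_data) < 37:
        errors.append("authenticator data too short")
        return errors
    if not hmac.compare_digest(auth_data[:32], hashlib.sha256(rp_id.encode()).digest()):
        errors.append("rpIdHash mismatch")
    if not auth_data[32] & UP_FLAG:
        errors.append("user-present flag not set")
    return errors
```

Returning every failed check rather than stopping at the first makes it easy to log exactly which field a client sent incorrectly.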