@bradford-tech/supabase-integrity-attest 0.8.0 → 0.8.2

package/README.md

@@ -1,9 +1,8 @@
 # supabase-integrity-attest
 
-Server-side TypeScript library for verifying Apple App Attest attestations and
-assertions using the WebCrypto API. Built for Deno and Supabase Edge Functions.
+Apple App Attest server-side verification for edge runtimes, using only WebCrypto.
 
-## Installation
+## Install
 
 ```bash
 # Deno
@@ -13,51 +12,94 @@ deno add jsr:@bradford-tech/supabase-integrity-attest
 npm install @bradford-tech/supabase-integrity-attest
 ```
 
-## Subpath imports
+## Quick start
 
-If you only need assertion verification, import from the lighter entry point:
+Verify a device attestation and extract its public key:
 
-```typescript
-// Full library (attestation + assertion)
-import { verifyAttestation, verifyAssertion } from "@bradford-tech/supabase-integrity-attest";
+```ts
+import { verifyAttestation } from "@bradford-tech/supabase-integrity-attest";
 
-// Assertion only — skips asn1js and @noble/curves
-import { verifyAssertion } from "@bradford-tech/supabase-integrity-attest/assertion";
+const clientDataHash = new Uint8Array(
+  await crypto.subtle.digest("SHA-256", new TextEncoder().encode(challenge)),
+);
 
-// Attestation only
-import { verifyAttestation } from "@bradford-tech/supabase-integrity-attest/attestation";
+const { publicKeyPem, signCount } = await verifyAttestation(
+  { appId: "TEAMID.com.example.app" },
+  keyId,          // base64 key identifier from client
+  clientDataHash, // SHA-256 of the challenge you issued
+  attestation,    // base64 CBOR attestation from client
+);
+// publicKeyPem: "-----BEGIN PUBLIC KEY-----\nMFkw..."
+// signCount: 0
 ```
 
-## Usage
-
-### Attestation (one-time per device)
+Store `publicKeyPem` and `signCount` for this device. Use them to verify future assertions.
 
-```typescript
-import { verifyAttestation } from "@bradford-tech/supabase-integrity-attest";
+## Why this library
 
-const result = await verifyAttestation(
-  { appId: "TEAMID.com.your.bundleid" },
-  keyId, // base64 from client
-  challenge, // the challenge you issued
-  attestation, // base64 CBOR from client
-);
+Existing App Attest verification libraries depend on `node:crypto` or packages that crash in edge runtimes. `appattest-checker-node` uses `X509Certificate.verify()`, which throws `ERR_NOT_IMPLEMENTED` in Deno. `pkijs` crashes at module load in Supabase Edge Functions because `self.crypto.name` is undefined. `@peculiar/x509` pulls in `tsyringe` and `reflect-metadata`, which rely on global side effects during module initialization.
 
-// Store result.publicKeyPem and signCount (0) for this device
-```
+This library uses only `crypto.subtle` for cryptographic operations, with `asn1js` for X.509 parsing and `@noble/curves` for one operation Deno's WebCrypto doesn't support (P-384 signature verification on Apple's intermediate certificate).
 
-### Protecting edge functions with `withAssertion`
+## Middleware
 
-`withAssertion` wraps a request handler so that assertion verification,
-device lookup, and sign count updates happen before your business logic runs.
+Both middleware wrappers below use a Supabase service-role client for database access:
 
-```typescript
+```ts
 import { createClient } from "jsr:@supabase/supabase-js@2";
-import { withAssertion } from "@bradford-tech/supabase-integrity-attest";
 
 const supabase = createClient(
   Deno.env.get("SUPABASE_URL")!,
   Deno.env.get("SUPABASE_SERVICE_ROLE_KEY")!,
 );
+```
+
+### `withAttestation` -- device registration
+
+`withAttestation` wraps a one-time device registration endpoint with automatic challenge consumption, attestation verification, and device key storage:
+
+```ts
+import { withAttestation } from "@bradford-tech/supabase-integrity-attest";
+
+Deno.serve(withAttestation({
+  appId: Deno.env.get("APP_ATTEST_APP_ID")!,
+  consumeChallenge: async (challenge) => {
+    const id = new TextDecoder().decode(challenge);
+    const { data } = await supabase
+      .from("attestation_challenges")
+      .delete()
+      .eq("id", id)
+      .select("id");
+    return (data?.length ?? 0) > 0;
+  },
+  storeDeviceKey: async ({ deviceId, publicKeyPem, signCount }) => {
+    await supabase
+      .from("device_attestations")
+      .upsert({ key_id: deviceId, public_key_pem: publicKeyPem, sign_count: signCount });
+  },
+}, (_req, ctx) => {
+  // ctx.deviceId, ctx.publicKeyPem, ctx.signCount, ctx.receipt, ctx.timings
+  return Response.json({ deviceId: ctx.deviceId });
+}));
+```
+
+`consumeChallenge` must be atomic: return `true` if the challenge was valid, unused, and unexpired (and is now consumed), `false` otherwise. Use `DELETE ... RETURNING` to guarantee single-use semantics.
+
+The default extractor reads a JSON body:
+
+```
+POST /functions/v1/attest
+Content-Type: application/json
+
+{"keyId": "<base64>", "challenge": "<base64>", "attestation": "<base64>"}
+```
+
+### `withAssertion` -- protected requests
+
+`withAssertion` wraps any protected endpoint with automatic assertion verification, device key lookup, and sign count commit:
+
+```ts
+import { withAssertion } from "@bradford-tech/supabase-integrity-attest";
 
 Deno.serve(withAssertion({
   appId: Deno.env.get("APP_ATTEST_APP_ID")!,
@@ -71,108 +113,172 @@ Deno.serve(withAssertion({
       ? { publicKeyPem: data.public_key_pem, signCount: data.sign_count }
       : null;
   },
-  updateSignCount: async (deviceId, newSignCount) => {
-    await supabase
+  commitSignCount: async (deviceId, newSignCount) => {
+    const { data } = await supabase
       .from("device_attestations")
       .update({ sign_count: newSignCount })
-      .eq("key_id", deviceId);
+      .eq("key_id", deviceId)
+      .lt("sign_count", newSignCount)
+      .select("key_id");
+    return (data?.length ?? 0) > 0;
   },
 }, async (_req, { rawBody }) => {
-  const { text, voice } = JSON.parse(new TextDecoder().decode(rawBody));
-  // business logic
-  return new Response(JSON.stringify({ audio: "..." }), {
-    headers: { "Content-Type": "application/json" },
-  });
+  const payload = JSON.parse(new TextDecoder().decode(rawBody));
+  return Response.json({ ok: true });
 }));
 ```
 
-The client sends the assertion and device ID in headers. The request body
-is the client data that was signed:
+The client sends the assertion and device ID in headers. The request body is the signed client data:
 
 ```
 POST /functions/v1/your-endpoint
-Headers:
-  Content-Type: application/json
-  X-App-Attest-Assertion: <base64-encoded assertion>
-  X-App-Attest-Device-Id: <base64-encoded keyId>
-Body:
-  {"text": "Hello world", "voice": "en-US"}
+X-App-Attest-Assertion: <base64-encoded assertion>
+X-App-Attest-Device-Id: <base64-encoded keyId>
+Content-Type: application/json
+
+{"text": "Hello world", "voice": "en-US"}
 ```
 
-Once you have multiple protected functions, extract the shared options into
-a helper:
+### Sign count atomicity
 
-```typescript
+`commitSignCount` **must** use compare-and-swap: only update the stored count if the current value is strictly less than `newSignCount`. An unconditional `UPDATE ... SET sign_count = $1` silently breaks replay protection when two requests arrive concurrently.
+
+```sql
+UPDATE device_attestations
+   SET sign_count = $1, last_seen_at = now()
+ WHERE key_id = $2 AND sign_count < $1
+```
+
+Return `true` if the row was updated. The library converts `false` into `AssertionError(SIGN_COUNT_STALE)`.
+
+### Shared options
+
+Once you have multiple protected functions, extract the shared options:
+
+```ts
 // supabase/functions/_shared/attest.ts
 import type { WithAssertionOptions } from "@bradford-tech/supabase-integrity-attest";
 
-export const attestOptions: WithAssertionOptions = {
+export const assertionOptions: WithAssertionOptions = {
   appId: Deno.env.get("APP_ATTEST_APP_ID")!,
-  // ... getDeviceKey, updateSignCount as above
+  // ... getDeviceKey, commitSignCount as above
 };
 ```
 
-```typescript
+```ts
 // supabase/functions/text-to-speech/index.ts
 import { withAssertion } from "@bradford-tech/supabase-integrity-attest";
-import { attestOptions } from "../_shared/attest.ts";
+import { assertionOptions } from "../_shared/attest.ts";
 
-Deno.serve(withAssertion(attestOptions, async (_req, { rawBody }) => {
+Deno.serve(withAssertion(assertionOptions, async (_req, { rawBody }) => {
   const { text, voice } = JSON.parse(new TextDecoder().decode(rawBody));
-  return new Response(JSON.stringify({ audio: "..." }));
+  return Response.json({ audio: "..." });
 }));
 ```
 
-### Assertion (low-level)
+## Low-level API
+
+For full control over the verification flow, use `verifyAttestation` and `verifyAssertion` directly.
+
+The quick start above shows `verifyAttestation`. Note that `clientDataHash` must be SHA-256 of the challenge, not the raw challenge. Client SDKs (Expo's `attestKeyAsync`, native `DCAppAttestService.attestKey`) hash the challenge internally before passing to Apple; you must produce the same hash server-side. The `withAttestation` middleware handles this automatically.
 
-For full control over the verification flow, use `verifyAssertion` directly:
+### Assertion
 
-```typescript
+```ts
 import { verifyAssertion } from "@bradford-tech/supabase-integrity-attest";
 
-const result = await verifyAssertion(
-  { appId: "TEAMID.com.your.bundleid" },
-  assertion, // base64 CBOR from client
-  clientData, // the request payload that was signed
-  storedPublicKeyPem, // from attestation
-  storedSignCount, // last known counter
+const { signCount } = await verifyAssertion(
+  { appId: "TEAMID.com.example.app" },
+  assertion,         // base64 CBOR from client
+  clientData,        // the request payload that was signed
+  storedPublicKeyPem,
+  storedSignCount,
 );
+// Update stored signCount to signCount
+```
+
+## Subpath imports
+
+Import only what you need to reduce bundle size:
+
+```ts
+// Full library (attestation + assertion)
+import { verifyAttestation, verifyAssertion } from "@bradford-tech/supabase-integrity-attest";
+
+// Assertion only -- skips asn1js and @noble/curves
+import { verifyAssertion, withAssertion } from "@bradford-tech/supabase-integrity-attest/assertion";
 
-// Update stored signCount to result.signCount
+// Attestation only
+import { verifyAttestation, withAttestation } from "@bradford-tech/supabase-integrity-attest/attestation";
 ```
 
-### Error handling
+## Error handling
 
-```typescript
+```ts
 import {
   AttestationError,
-  AttestationErrorCode,
   AssertionError,
-  AssertionErrorCode,
 } from "@bradford-tech/supabase-integrity-attest";
 
 try {
-  await verifyAttestation(appInfo, keyId, challenge, attestation);
+  await verifyAttestation(appInfo, keyId, clientDataHash, attestation);
 } catch (e) {
   if (e instanceof AttestationError) {
-    console.log(e.code); // e.g. "NONCE_MISMATCH", "INVALID_CERTIFICATE_CHAIN"
+    console.log(e.code);
+    // => "NONCE_MISMATCH"
   }
 }
 ```
 
+### Attestation error codes
+
+| Code | Meaning |
+| --- | --- |
+| `INVALID_FORMAT` | CBOR decoding or structural validation failed |
+| `INVALID_CERTIFICATE_CHAIN` | X.509 certificate chain verification failed |
+| `NONCE_MISMATCH` | Computed nonce does not match the certificate nonce |
+| `RP_ID_MISMATCH` | RP ID hash does not match SHA-256 of the app ID |
+| `KEY_ID_MISMATCH` | Public key hash does not match the provided key ID |
+| `INVALID_COUNTER` | Sign count is not zero (required for attestation) |
+| `INVALID_AAGUID` | AAGUID does not match the expected environment |
+| `CHALLENGE_INVALID` | Challenge missing, expired, or already consumed (`withAttestation` only) |
+| `INTERNAL_ERROR` | Storage callback or internal error (`withAttestation` only) |
+
+### Assertion error codes
+
+| Code | Meaning |
+| --- | --- |
+| `INVALID_FORMAT` | CBOR decoding or structural validation failed |
+| `RP_ID_MISMATCH` | RP ID hash does not match SHA-256 of the app ID |
+| `COUNTER_NOT_INCREMENTED` | Sign count was not greater than the stored value |
+| `SIGNATURE_INVALID` | ECDSA signature verification failed |
+| `DEVICE_NOT_FOUND` | No device key for the given device ID (`withAssertion` only) |
+| `INTERNAL_ERROR` | Storage callback or internal error (`withAssertion` only) |
+| `SIGN_COUNT_STALE` | Concurrent request already advanced the counter (`withAssertion` only) |
+
 ## Development environment
 
-For apps using Apple's development App Attest environment:
+For apps using Apple's development App Attest environment, pass `developmentEnv: true`:
 
-```typescript
+```ts
 await verifyAttestation(
-  { appId: "TEAMID.com.your.bundleid", developmentEnv: true },
+  { appId: "TEAMID.com.example.app", developmentEnv: true },
   keyId,
-  challenge,
+  clientDataHash,
   attestation,
 );
 ```
 
+`withAttestation` also accepts `developmentEnv` in its options.
+
+## Documentation
+
+Full documentation at [integrity-attest.bradford.tech](https://integrity-attest.bradford.tech).
+
+## Contributing
+
+Issues and pull requests are welcome on [GitHub](https://github.com/bradford-tech/supabase-integrity-attest).
+
 ## Security
 
 See [SECURITY.md](./SECURITY.md) for vulnerability reporting.

package/esm/src/attestation.d.ts

@@ -40,7 +40,12 @@ export interface AttestationCbor {
     };
     authData: Uint8Array;
 }
-/** Decode an Apple App Attest attestation object from raw CBOR bytes. */
+/**
+ * Decode an Apple App Attest attestation object from raw CBOR bytes.
+ *
+ * @throws {AttestationError} with code `INVALID_FORMAT` if the data is not
+ *   a valid attestation CBOR structure.
+ */
 export declare function decodeAttestationCbor(data: Uint8Array): AttestationCbor;
 /**
  * Verify an Apple App Attest attestation.

package/esm/src/attestation.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"attestation.d.ts","sourceRoot":"","sources":["../../src/src/attestation.ts"],"names":[],"mappings":"AAaA,yCAAyC;AACzC,MAAM,WAAW,OAAO;IACtB,oDAAoD;IACpD,KAAK,EAAE,MAAM,CAAC;IACd,kFAAkF;IAClF,cAAc,CAAC,EAAE,OAAO,CAAC;CAC1B;AAED,kDAAkD;AAClD,MAAM,WAAW,iBAAiB;IAChC,yEAAyE;IACzE,YAAY,EAAE,MAAM,CAAC;IACrB,4DAA4D;IAC5D,OAAO,EAAE,UAAU,CAAC;IACpB,uDAAuD;IACvD,SAAS,EAAE,MAAM,CAAC;CACnB;AAED,iDAAiD;AACjD,MAAM,WAAW,wBAAwB;IACvC,uFAAuF;IACvF,SAAS,CAAC,EAAE,IAAI,CAAC;CAClB;AAED;;;;;;;;;;;;GAYG;AACH,MAAM,WAAW,eAAe;IAC9B,GAAG,EAAE,MAAM,CAAC;IACZ,OAAO,EAAE;QACP,GAAG,EAAE,UAAU,EAAE,CAAC;QAClB,OAAO,EAAE,UAAU,CAAC;KACrB,CAAC;IACF,QAAQ,EAAE,UAAU,CAAC;CACtB;AAsGD,yEAAyE;AACzE,wBAAgB,qBAAqB,CAAC,IAAI,EAAE,UAAU,GAAG,eAAe,CAyEvE;AAED;;;;;;;;;;;;;;;;;GAiBG;AACH,wBAAsB,iBAAiB,CACrC,OAAO,EAAE,OAAO,EAChB,KAAK,EAAE,MAAM,EACb,cAAc,EAAE,UAAU,GAAG,MAAM,EACnC,WAAW,EAAE,UAAU,GAAG,MAAM,EAChC,OAAO,CAAC,EAAE,wBAAwB,GACjC,OAAO,CAAC,iBAAiB,CAAC,CAkJ5B"}
+{"version":3,"file":"attestation.d.ts","sourceRoot":"","sources":["../../src/src/attestation.ts"],"names":[],"mappings":"AAgBA,yCAAyC;AACzC,MAAM,WAAW,OAAO;IACtB,oDAAoD;IACpD,KAAK,EAAE,MAAM,CAAC;IACd,kFAAkF;IAClF,cAAc,CAAC,EAAE,OAAO,CAAC;CAC1B;AAED,kDAAkD;AAClD,MAAM,WAAW,iBAAiB;IAChC,yEAAyE;IACzE,YAAY,EAAE,MAAM,CAAC;IACrB,4DAA4D;IAC5D,OAAO,EAAE,UAAU,CAAC;IACpB,uDAAuD;IACvD,SAAS,EAAE,MAAM,CAAC;CACnB;AAED,iDAAiD;AACjD,MAAM,WAAW,wBAAwB;IACvC,uFAAuF;IACvF,SAAS,CAAC,EAAE,IAAI,CAAC;CAClB;AAED;;;;;;;;;;;;GAYG;AACH,MAAM,WAAW,eAAe;IAC9B,GAAG,EAAE,MAAM,CAAC;IACZ,OAAO,EAAE;QACP,GAAG,EAAE,UAAU,EAAE,CAAC;QAClB,OAAO,EAAE,UAAU,CAAC;KACrB,CAAC;IACF,QAAQ,EAAE,UAAU,CAAC;CACtB;AAsGD;;;;;GAKG;AACH,wBAAgB,qBAAqB,CAAC,IAAI,EAAE,UAAU,GAAG,eAAe,CAwFvE;AAED;;;;;;;;;;;;;;;;;GAiBG;AACH,wBAAsB,iBAAiB,CACrC,OAAO,EAAE,OAAO,EAChB,KAAK,EAAE,MAAM,EACb,cAAc,EAAE,UAAU,GAAG,MAAM,EACnC,WAAW,EAAE,UAAU,GAAG,MAAM,EAChC,OAAO,CAAC,EAAE,wBAAwB,GACjC,OAAO,CAAC,iBAAiB,CAAC,CAoJ5B"}

package/esm/src/attestation.js

@@ -3,7 +3,7 @@ import { decodeBase64 } from "../deps/jsr.io/@std/encoding/1.0.10/base64.js";
 import { extractNonceFromCert, extractPublicKeyFromCert, verifyCertificateChain, } from "./certificate.js";
 import { AAGUID_DEVELOPMENT, AAGUID_PRODUCTION } from "./constants.js";
 import { AttestationError, AttestationErrorCode } from "./errors.js";
-import { parseAttestationAuthData } from "./authdata.js";
+import { parseAttestationAuthData, } from "./authdata.js";
 import { concat, constantTimeEqual, exportKeyToPem, toBytes } from "./utils.js";
 /** Read a CBOR unsigned integer (additional info + following bytes). */
 function readCborUint(data, offset) {
@@ -88,72 +88,86 @@ function findCborTextKey(data, key, startOffset) {
     }
     return -1;
 }
-/** Decode an Apple App Attest attestation object from raw CBOR bytes. */
+/**
+ * Decode an Apple App Attest attestation object from raw CBOR bytes.
+ *
+ * @throws {AttestationError} with code `INVALID_FORMAT` if the data is not
+ *   a valid attestation CBOR structure.
+ */
 export function decodeAttestationCbor(data) {
-    // Verify top-level is a CBOR map
-    const majorType = (data[0] >> 5) & 0x07;
-    if (majorType !== 5) {
-        throw new Error("Expected CBOR map at top level");
-    }
-    // Find "fmt" key and read its value
-    const fmtKeyPos = findCborTextKey(data, "fmt", 0);
-    if (fmtKeyPos === -1)
-        throw new Error('Missing "fmt" key');
-    const fmtKeyEnd = fmtKeyPos + 1 + 3; // 0x63 + "fmt"
-    const { value: fmt } = readCborText(data, fmtKeyEnd);
-    // Find "attStmt" key
-    const attStmtKeyPos = findCborTextKey(data, "attStmt", 0);
-    if (attStmtKeyPos === -1)
-        throw new Error('Missing "attStmt" key');
-    // After "attStmt" key: 0x67 + "attStmt" = 8 bytes
-    const attStmtValuePos = attStmtKeyPos + 8;
-    // attStmt value should be a map
-    const attStmtMajor = (data[attStmtValuePos] >> 5) & 0x07;
-    if (attStmtMajor !== 5)
-        throw new Error("attStmt is not a CBOR map");
-    // Find "x5c" key within attStmt
-    const x5cKeyPos = findCborTextKey(data, "x5c", attStmtValuePos);
-    if (x5cKeyPos === -1)
-        throw new Error('Missing "x5c" key in attStmt');
-    const x5cValuePos = x5cKeyPos + 4; // 0x63 + "x5c"
-    // x5c value is an array
-    const x5cMajor = (data[x5cValuePos] >> 5) & 0x07;
-    if (x5cMajor !== 4)
-        throw new Error("x5c is not a CBOR array");
-    const { value: x5cCount, end: x5cFirstItemPos } = readCborUint(data, x5cValuePos);
-    // Read each certificate byte string
-    const x5c = [];
-    let pos = x5cFirstItemPos;
-    for (let i = 0; i < x5cCount; i++) {
-        const { value: cert, end } = readCborBytes(data, pos);
-        x5c.push(cert);
-        pos = end;
+    try {
+        // Verify top-level is a CBOR map
+        const majorType = (data[0] >> 5) & 0x07;
+        if (majorType !== 5) {
+            throw new Error("Expected CBOR map at top level");
+        }
+        // Find "fmt" key and read its value
+        const fmtKeyPos = findCborTextKey(data, "fmt", 0);
+        if (fmtKeyPos === -1)
+            throw new Error('Missing "fmt" key');
+        const fmtKeyEnd = fmtKeyPos + 1 + 3; // 0x63 + "fmt"
+        const { value: fmt } = readCborText(data, fmtKeyEnd);
+        // Find "attStmt" key
+        const attStmtKeyPos = findCborTextKey(data, "attStmt", 0);
+        if (attStmtKeyPos === -1)
+            throw new Error('Missing "attStmt" key');
+        // After "attStmt" key: 0x67 + "attStmt" = 8 bytes
+        const attStmtValuePos = attStmtKeyPos + 8;
+        // attStmt value should be a map
+        const attStmtMajor = (data[attStmtValuePos] >> 5) & 0x07;
+        if (attStmtMajor !== 5)
+            throw new Error("attStmt is not a CBOR map");
+        // Find "x5c" key within attStmt
+        const x5cKeyPos = findCborTextKey(data, "x5c", attStmtValuePos);
+        if (x5cKeyPos === -1)
+            throw new Error('Missing "x5c" key in attStmt');
+        const x5cValuePos = x5cKeyPos + 4; // 0x63 + "x5c"
+        // x5c value is an array
+        const x5cMajor = (data[x5cValuePos] >> 5) & 0x07;
+        if (x5cMajor !== 4)
+            throw new Error("x5c is not a CBOR array");
+        const { value: x5cCount, end: x5cFirstItemPos } = readCborUint(data, x5cValuePos);
+        // Read each certificate byte string
+        const x5c = [];
+        let pos = x5cFirstItemPos;
+        for (let i = 0; i < x5cCount; i++) {
+            const { value: cert, end } = readCborBytes(data, pos);
+            x5c.push(cert);
+            pos = end;
+        }
+        // After x5c, find "receipt" key
+        const receiptKeyPos = findCborTextKey(data, "receipt", pos);
+        if (receiptKeyPos === -1) {
+            throw new Error('Missing "receipt" key in attStmt');
+        }
+        // Find "authData" key - search from after the receipt key position
+        const authDataKeyPos = findCborTextKey(data, "authData", receiptKeyPos);
+        if (authDataKeyPos === -1) {
+            throw new Error('Missing "authData" key');
+        }
+        // The receipt value is the bytes between the receipt key end and the authData key start.
+        // Receipt key: 0x67 + "receipt" = 8 bytes
+        const receiptValueStart = receiptKeyPos + 8;
+        // Read the receipt CBOR header to get the data start offset
+        const receiptMajor = (data[receiptValueStart] >> 5) & 0x07;
+        if (receiptMajor !== 2) {
+            throw new Error("receipt is not a CBOR byte string");
+        }
+        const { end: receiptDataStart } = readCborUint(data, receiptValueStart);
+        // The actual receipt data extends to just before the authData key.
+        // This handles the case where Apple's CBOR length header is incorrect.
+        const receipt = data.slice(receiptDataStart, authDataKeyPos);
+        // Read authData value
+        // authData key: 0x68 + "authData" = 9 bytes
+        const authDataValuePos = authDataKeyPos + 9;
+        const { value: authData } = readCborBytes(data, authDataValuePos);
+        return { fmt, attStmt: { x5c, receipt }, authData };
     }
-    // After x5c, find "receipt" key
-    const receiptKeyPos = findCborTextKey(data, "receipt", pos);
-    if (receiptKeyPos === -1)
-        throw new Error('Missing "receipt" key in attStmt');
-    // Find "authData" key - search from after the receipt key position
-    const authDataKeyPos = findCborTextKey(data, "authData", receiptKeyPos);
-    if (authDataKeyPos === -1) {
-        throw new Error('Missing "authData" key');
+    catch (e) {
+        if (e instanceof AttestationError)
+            throw e;
+        throw new AttestationError(AttestationErrorCode.INVALID_FORMAT, `Failed to CBOR-decode attestation object: ${e instanceof Error ? e.message : String(e)}`, { cause: e });
     }
-    // The receipt value is the bytes between the receipt key end and the authData key start.
-    // Receipt key: 0x67 + "receipt" = 8 bytes
-    const receiptValueStart = receiptKeyPos + 8;
-    // Read the receipt CBOR header to get the data start offset
-    const receiptMajor = (data[receiptValueStart] >> 5) & 0x07;
-    if (receiptMajor !== 2)
-        throw new Error("receipt is not a CBOR byte string");
-    const { end: receiptDataStart } = readCborUint(data, receiptValueStart);
-    // The actual receipt data extends to just before the authData key.
-    // This handles the case where Apple's CBOR length header is incorrect.
-    const receipt = data.slice(receiptDataStart, authDataKeyPos);
-    // Read authData value
-    // authData key: 0x68 + "authData" = 9 bytes
-    const authDataValuePos = authDataKeyPos + 9;
-    const { value: authData } = readCborBytes(data, authDataValuePos);
-    return { fmt, attStmt: { x5c, receipt }, authData };
 }
 /**
  * Verify an Apple App Attest attestation.
@@ -188,13 +202,7 @@ export async function verifyAttestation(appInfo, keyId, clientDataHash, attestat
         attestationBytes = attestation;
     }
     // Step 1: CBOR decode attestation -> { fmt, attStmt: { x5c, receipt }, authData }
-    let decoded;
-    try {
-        decoded = decodeAttestationCbor(attestationBytes);
-    }
-    catch {
-        throw new AttestationError(AttestationErrorCode.INVALID_FORMAT, "Failed to CBOR-decode attestation object");
-    }
+    const decoded = decodeAttestationCbor(attestationBytes);
     // Step 2: Validate fmt === "apple-appattest"
     if (decoded.fmt !== "apple-appattest") {
         throw new AttestationError(AttestationErrorCode.INVALID_FORMAT, `Invalid attestation format: expected "apple-appattest", got "${decoded.fmt}"`);
@@ -228,7 +236,13 @@ export async function verifyAttestation(appInfo, keyId, clientDataHash, attestat
         throw new AttestationError(AttestationErrorCode.KEY_ID_MISMATCH, "Public key hash does not match keyId");
     }
     // Step 11: Parse authData
-    const parsedAuthData = parseAttestationAuthData(authData);
+    let parsedAuthData;
+    try {
+        parsedAuthData = parseAttestationAuthData(authData);
+    }
+    catch (e) {
+        throw new AttestationError(AttestationErrorCode.INVALID_FORMAT, `Invalid authenticatorData: ${e instanceof Error ? e.message : String(e)}`);
+    }
     // Step 12: Verify rpIdHash === SHA-256(appId)
     const appIdHash = new Uint8Array(await crypto.subtle.digest("SHA-256", new TextEncoder().encode(appInfo.appId)));
     if (!constantTimeEqual(parsedAuthData.rpIdHash, appIdHash)) {

package/esm/src/authdata.d.ts

@@ -6,7 +6,6 @@ export interface AssertionAuthData {
 export interface AttestationAuthData extends AssertionAuthData {
     aaguid: Uint8Array;
     credentialId: Uint8Array;
-    coseKeyBytes: Uint8Array;
 }
 export declare function parseAssertionAuthData(data: Uint8Array): AssertionAuthData;
 export declare function parseAttestationAuthData(data: Uint8Array): AttestationAuthData;

package/esm/src/authdata.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"authdata.d.ts","sourceRoot":"","sources":["../../src/src/authdata.ts"],"names":[],"mappings":"AAEA,MAAM,WAAW,iBAAiB;IAChC,QAAQ,EAAE,UAAU,CAAC;IACrB,KAAK,EAAE,MAAM,CAAC;IACd,SAAS,EAAE,MAAM,CAAC;CACnB;AAED,MAAM,WAAW,mBAAoB,SAAQ,iBAAiB;IAC5D,MAAM,EAAE,UAAU,CAAC;IACnB,YAAY,EAAE,UAAU,CAAC;IACzB,YAAY,EAAE,UAAU,CAAC;CAC1B;AAED,wBAAgB,sBAAsB,CAAC,IAAI,EAAE,UAAU,GAAG,iBAAiB,CAgB1E;AAED,wBAAgB,wBAAwB,CACtC,IAAI,EAAE,UAAU,GACf,mBAAmB,CAiCrB"}
+{"version":3,"file":"authdata.d.ts","sourceRoot":"","sources":["../../src/src/authdata.ts"],"names":[],"mappings":"AAEA,MAAM,WAAW,iBAAiB;IAChC,QAAQ,EAAE,UAAU,CAAC;IACrB,KAAK,EAAE,MAAM,CAAC;IACd,SAAS,EAAE,MAAM,CAAC;CACnB;AAED,MAAM,WAAW,mBAAoB,SAAQ,iBAAiB;IAC5D,MAAM,EAAE,UAAU,CAAC;IACnB,YAAY,EAAE,UAAU,CAAC;CAC1B;AAED,wBAAgB,sBAAsB,CAAC,IAAI,EAAE,UAAU,GAAG,iBAAiB,CAgB1E;AAED,wBAAgB,wBAAwB,CACtC,IAAI,EAAE,UAAU,GACf,mBAAmB,CA+BrB"}

package/esm/src/authdata.js

@@ -19,11 +19,9 @@ export function parseAttestationAuthData(data) {
         throw new Error(`authenticatorData truncated: credentialIdLength=${credentialIdLength} but only ${data.length - 55} bytes remain`);
     }
     const credentialId = data.slice(55, 55 + credentialIdLength);
-    const coseKeyBytes = data.slice(55 + credentialIdLength);
     return {
         ...base,
         aaguid,
         credentialId,
-        coseKeyBytes,
     };
 }

package/esm/src/with-assertion.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"with-assertion.d.ts","sourceRoot":"","sources":["../../src/src/with-assertion.ts"],"names":[],"mappings":"AAGA,OAAO,EAAE,cAAc,EAAsB,MAAM,aAAa,CAAC;AAEjE,iEAAiE;AACjE,eAAO,MAAM,wBAAwB,2BAA2B,CAAC;AACjE,0DAA0D;AAC1D,eAAO,MAAM,wBAAwB,2BAA2B,CAAC;AAEjE,0EAA0E;AAC1E,MAAM,MAAM,SAAS,GAAG;IACtB,2DAA2D;IAC3D,YAAY,EAAE,MAAM,CAAC;IACrB,gDAAgD;IAChD,SAAS,EAAE,MAAM,CAAC;CACnB,CAAC;AAEF;;;;GAIG;AACH,MAAM,MAAM,gBAAgB,GAAG;IAC7B,qDAAqD;IACrD,SAAS,EAAE,MAAM,CAAC;IAClB,mDAAmD;IACnD,cAAc,EAAE,MAAM,CAAC;IACvB,6EAA6E;IAC7E,QAAQ,EAAE,MAAM,CAAC;IACjB,sDAAsD;IACtD,QAAQ,EAAE,MAAM,CAAC;CAClB,CAAC;AAEF,mFAAmF;AACnF,MAAM,MAAM,gBAAgB,GAAG;IAC7B,0CAA0C;IAC1C,QAAQ,EAAE,MAAM,CAAC;IACjB,6CAA6C;IAC7C,SAAS,EAAE,MAAM,CAAC;IAClB,gEAAgE;IAChE,OAAO,EAAE,UAAU,CAAC;IACpB,mEAAmE;IACnE,OAAO,EAAE,gBAAgB,CAAC;CAC3B,CAAC;AAEF,0EAA0E;AAC1E,MAAM,MAAM,kBAAkB,GAAG,CAAC,GAAG,EAAE,OAAO,KAAK,OAAO,CAAC;IACzD,SAAS,EAAE,MAAM,CAAC;IAClB,QAAQ,EAAE,MAAM,CAAC;IACjB,UAAU,EAAE,UAAU,CAAC;CACxB,CAAC,CAAC;AAEH,kEAAkE;AAClE,MAAM,MAAM,oBAAoB,GAAG;IACjC,oDAAoD;IACpD,KAAK,EAAE,MAAM,CAAC;IACd,wFAAwF;IACxF,YAAY,EAAE,CAAC,QAAQ,EAAE,MAAM,KAAK,OAAO,CAAC,SAAS,GAAG,IAAI,CAAC,CAAC;IAC9D;;;;;;;;;;;;;;;;OAgBG;IACH,eAAe,EAAE,CAAC,QAAQ,EAAE,MAAM,EAAE,YAAY,EAAE,MAAM,KAAK,OAAO,CAAC,OAAO,CAAC,CAAC;IAC9E,8DAA8D;IAC9D,gBAAgB,CAAC,EAAE,kBAAkB,CAAC;IACtC,uEAAuE;IACvE,OAAO,CAAC,EAAE,CACR,KAAK,EAAE,cAAc,EACrB,GAAG,EAAE,OAAO,KACT,QAAQ,GAAG,OAAO,CAAC,QAAQ,CAAC,CAAC;CACnC,CAAC;AAmCF;;;;;;;;;;;GAWG;AACH,wBAAgB,aAAa,CAC3B,OAAO,EAAE,oBAAoB,EAC7B,OAAO,EAAE,CACP,GAAG,EAAE,OAAO,EACZ,OAAO,EAAE,gBAAgB,KACtB,QAAQ,GAAG,OAAO,CAAC,QAAQ,CAAC,GAChC,CAAC,GAAG,EAAE,OAAO,KAAK,OAAO,CAAC,QAAQ,CAAC,CAmGrC"}
+{"version":3,"file":"with-assertion.d.ts","sourceRoot":"","sources":["../../src/src/with-assertion.ts"],"names":[],"mappings":"AAGA,OAAO,EAAE,cAAc,EAAsB,MAAM,aAAa,CAAC;AAEjE,iEAAiE;AACjE,eAAO,MAAM,wBAAwB,2BAA2B,CAAC;AACjE,0DAA0D;AAC1D,eAAO,MAAM,wBAAwB,2BAA2B,CAAC;AAEjE,0EAA0E;AAC1E,MAAM,MAAM,SAAS,GAAG;IACtB,2DAA2D;IAC3D,YAAY,EAAE,MAAM,CAAC;IACrB,gDAAgD;IAChD,SAAS,EAAE,MAAM,CAAC;CACnB,CAAC;AAEF;;;;GAIG;AACH,MAAM,MAAM,gBAAgB,GAAG;IAC7B,qDAAqD;IACrD,SAAS,EAAE,MAAM,CAAC;IAClB,mDAAmD;IACnD,cAAc,EAAE,MAAM,CAAC;IACvB,6EAA6E;IAC7E,QAAQ,EAAE,MAAM,CAAC;IACjB,sDAAsD;IACtD,QAAQ,EAAE,MAAM,CAAC;CAClB,CAAC;AAEF,mFAAmF;AACnF,MAAM,MAAM,gBAAgB,GAAG;IAC7B,0CAA0C;IAC1C,QAAQ,EAAE,MAAM,CAAC;IACjB,6CAA6C;IAC7C,SAAS,EAAE,MAAM,CAAC;IAClB,gEAAgE;IAChE,OAAO,EAAE,UAAU,CAAC;IACpB,mEAAmE;IACnE,OAAO,EAAE,gBAAgB,CAAC;CAC3B,CAAC;AAEF,0EAA0E;AAC1E,MAAM,MAAM,kBAAkB,GAAG,CAAC,GAAG,EAAE,OAAO,KAAK,OAAO,CAAC;IACzD,SAAS,EAAE,MAAM,CAAC;IAClB,QAAQ,EAAE,MAAM,CAAC;IACjB,UAAU,EAAE,UAAU,CAAC;CACxB,CAAC,CAAC;AAEH,kEAAkE;AAClE,MAAM,MAAM,oBAAoB,GAAG;IACjC,oDAAoD;IACpD,KAAK,EAAE,MAAM,CAAC;IACd,wFAAwF;IACxF,YAAY,EAAE,CAAC,QAAQ,EAAE,MAAM,KAAK,OAAO,CAAC,SAAS,GAAG,IAAI,CAAC,CAAC;IAC9D;;;;;;;;;;;;;;;;OAgBG;IACH,eAAe,EAAE,CAAC,QAAQ,EAAE,MAAM,EAAE,YAAY,EAAE,MAAM,KAAK,OAAO,CAAC,OAAO,CAAC,CAAC;IAC9E,8DAA8D;IAC9D,gBAAgB,CAAC,EAAE,kBAAkB,CAAC;IACtC,uEAAuE;IACvE,OAAO,CAAC,EAAE,CACR,KAAK,EAAE,cAAc,EACrB,GAAG,EAAE,OAAO,KACT,QAAQ,GAAG,OAAO,CAAC,QAAQ,CAAC,CAAC;CACnC,CAAC;AAqCF;;;;;;;;;;;GAWG;AACH,wBAAgB,aAAa,CAC3B,OAAO,EAAE,oBAAoB,EAC7B,OAAO,EAAE,CACP,GAAG,EAAE,OAAO,EACZ,OAAO,EAAE,gBAAgB,KACtB,QAAQ,GAAG,OAAO,CAAC,QAAQ,CAAC,GAChC,CAAC,GAAG,EAAE,OAAO,KAAK,OAAO,CAAC,QAAQ,CAAC,CAmGrC"}

package/esm/src/with-assertion.js

@@ -19,7 +19,9 @@ function defaultErrorResponse(error) {
         ? 500
         : error.code === AssertionErrorCode.INVALID_FORMAT
             ? 400
-            : 401;
+            : error.code === AssertionErrorCode.SIGN_COUNT_STALE
+                ? 409
+                : 401;
     return new Response(JSON.stringify({ error: error.message, code: error.code }), { status, headers: { "Content-Type": "application/json" } });
 }
 /**

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@bradford-tech/supabase-integrity-attest",
-  "version": "0.8.0",
+  "version": "0.8.2",
   "description": "Verify Apple App Attest attestations and assertions using WebCrypto.",
   "homepage": "https://integrity-attest.bradford.tech",
   "repository": {