@simplewebauthn/server 9.0.3 → 10.0.0

package/script/registration/verifications/verifyAttestationAndroidSafetyNet.js

@@ -26,8 +26,8 @@ async function verifyAttestationAndroidSafetyNet(options) {
     // Prepare to verify a JWT
     const jwt = index_js_1.isoUint8Array.toUTF8String(response);
     const jwtParts = jwt.split('.');
-    const HEADER = JSON.parse(index_js_1.isoBase64URL.toString(jwtParts[0]));
-    const PAYLOAD = JSON.parse(index_js_1.isoBase64URL.toString(jwtParts[1]));
+    const HEADER = JSON.parse(index_js_1.isoBase64URL.toUTF8String(jwtParts[0]));
+    const PAYLOAD = JSON.parse(index_js_1.isoBase64URL.toUTF8String(jwtParts[1]));
     const SIGNATURE = jwtParts[2];
     /**
      * START Verify PAYLOAD

package/script/registration/verifyRegistrationResponse.d.ts

@@ -1,4 +1,4 @@
-import type { COSEAlgorithmIdentifier, CredentialDeviceType, RegistrationResponseJSON } from '../deps.js';
+import type { Base64URLString, COSEAlgorithmIdentifier, CredentialDeviceType, RegistrationResponseJSON } from '../deps.js';
 import { AttestationFormat, AttestationStatement } from '../helpers/decodeAttestationObject.js';
 import { AuthenticationExtensionsAuthenticatorOutputs } from '../helpers/decodeAuthenticatorExtensions.js';
 export type VerifyRegistrationResponseOpts = {
@@ -15,16 +15,13 @@ export type VerifyRegistrationResponseOpts = {
  *
  * **Options:**
  *
- * @param response Response returned by **@simplewebauthn/browser**'s `startAuthentication()`
- * @param expectedChallenge The base64url-encoded `options.challenge` returned by
- * `generateRegistrationOptions()`
- * @param expectedOrigin Website URL (or array of URLs) that the registration should have occurred on
- * @param expectedRPID RP ID (or array of IDs) that was specified in the registration options
- * @param expectedType (Optional) The response type expected ('webauthn.create')
- * @param requireUserVerification (Optional) Enforce user verification by the authenticator
- * (via PIN, fingerprint, etc...)
- * @param supportedAlgorithmIDs Array of numeric COSE algorithm identifiers supported for
- * attestation by this RP. See https://www.iana.org/assignments/cose/cose.xhtml#algorithms
+ * @param response - Response returned by **@simplewebauthn/browser**'s `startAuthentication()`
+ * @param expectedChallenge - The base64url-encoded `options.challenge` returned by `generateRegistrationOptions()`
+ * @param expectedOrigin - Website URL (or array of URLs) that the registration should have occurred on
+ * @param expectedRPID - RP ID (or array of IDs) that was specified in the registration options
+ * @param expectedType **(Optional)** - The response type expected ('webauthn.create')
+ * @param requireUserVerification **(Optional)** - Enforce user verification by the authenticator (via PIN, fingerprint, etc...) Defaults to `true`
+ * @param supportedAlgorithmIDs **(Optional)** - Array of numeric COSE algorithm identifiers supported for attestation by this RP. See https://www.iana.org/assignments/cose/cose.xhtml#algorithms. Defaults to all supported algorithm IDs
  */
 export declare function verifyRegistrationResponse(options: VerifyRegistrationResponseOpts): Promise<VerifiedRegistrationResponse>;
 /**
@@ -59,7 +56,7 @@ export type VerifiedRegistrationResponse = {
         fmt: AttestationFormat;
         counter: number;
         aaguid: string;
-        credentialID: Uint8Array;
+        credentialID: Base64URLString;
         credentialPublicKey: Uint8Array;
         credentialType: 'public-key';
         attestationObject: Uint8Array;

package/script/registration/verifyRegistrationResponse.js

@@ -24,16 +24,13 @@ const verifyAttestationApple_js_1 = require("./verifications/verifyAttestationAp
  *
  * **Options:**
  *
- * @param response Response returned by **@simplewebauthn/browser**'s `startAuthentication()`
- * @param expectedChallenge The base64url-encoded `options.challenge` returned by
- * `generateRegistrationOptions()`
- * @param expectedOrigin Website URL (or array of URLs) that the registration should have occurred on
- * @param expectedRPID RP ID (or array of IDs) that was specified in the registration options
- * @param expectedType (Optional) The response type expected ('webauthn.create')
- * @param requireUserVerification (Optional) Enforce user verification by the authenticator
- * (via PIN, fingerprint, etc...)
- * @param supportedAlgorithmIDs Array of numeric COSE algorithm identifiers supported for
- * attestation by this RP. See https://www.iana.org/assignments/cose/cose.xhtml#algorithms
+ * @param response - Response returned by **@simplewebauthn/browser**'s `startAuthentication()`
+ * @param expectedChallenge - The base64url-encoded `options.challenge` returned by `generateRegistrationOptions()`
+ * @param expectedOrigin - Website URL (or array of URLs) that the registration should have occurred on
+ * @param expectedRPID - RP ID (or array of IDs) that was specified in the registration options
+ * @param expectedType **(Optional)** - The response type expected ('webauthn.create')
+ * @param requireUserVerification **(Optional)** - Enforce user verification by the authenticator (via PIN, fingerprint, etc...) Defaults to `true`
+ * @param supportedAlgorithmIDs **(Optional)** - Array of numeric COSE algorithm identifiers supported for attestation by this RP. See https://www.iana.org/assignments/cose/cose.xhtml#algorithms. Defaults to all supported algorithm IDs
  */
 async function verifyRegistrationResponse(options) {
     const { response, expectedChallenge, expectedOrigin, expectedRPID, expectedType, requireUserVerification = true, supportedAlgorithmIDs = generateRegistrationOptions_js_1.supportedCOSEAlgorithmIdentifiers, } = options;
@@ -197,7 +194,7 @@ async function verifyRegistrationResponse(options) {
             fmt,
             counter,
             aaguid: (0, convertAAGUIDToString_js_1.convertAAGUIDToString)(aaguid),
-            credentialID,
+            credentialID: index_js_1.isoBase64URL.fromBuffer(credentialID),
             credentialPublicKey,
             credentialType,
             attestationObject,