author | Eiji Kitamura <agektmr@google.com> | 2022-07-20 19:24:53 +0900 |
---|---|---|
committer | Eiji Kitamura <agektmr@google.com> | 2022-07-20 19:24:53 +0900 |
commit | 909eaa2da387b5444b12b1af930e7d2ced4eb685 (patch) | |
tree | 2e20cfcd3c9351341ac2634ae50b13f50cbcf929 /packages/server/src/authentication/verifyAuthenticationResponse.ts | |
parent | 58965f080dbceceac36b77fbce30db6ce60c3427 (diff) |
Add authentication extension output test
Diffstat (limited to 'packages/server/src/authentication/verifyAuthenticationResponse.ts')
-rw-r--r-- | packages/server/src/authentication/verifyAuthenticationResponse.ts | 12 |
1 files changed, 11 insertions, 1 deletions
diff --git a/packages/server/src/authentication/verifyAuthenticationResponse.ts b/packages/server/src/authentication/verifyAuthenticationResponse.ts
index 264a2f2..1949449 100644
--- a/packages/server/src/authentication/verifyAuthenticationResponse.ts
+++ b/packages/server/src/authentication/verifyAuthenticationResponse.ts
@@ -12,6 +12,7 @@ import verifySignature from '../helpers/verifySignature';
 import parseAuthenticatorData from '../helpers/parseAuthenticatorData';
 import isBase64URLString from '../helpers/isBase64URLString';
 import { parseBackupFlags } from '../helpers/parseBackupFlags';
+import decodeExtensionDataBuffer, { ExtensionsJSON } from '../helpers/decodeExtensions';
 export type VerifyAuthenticationResponseOpts = {
 credential: AuthenticationCredentialJSON;
@@ -134,7 +135,7 @@ export default function verifyAuthenticationResponse(
 const authDataBuffer = base64url.toBuffer(response.authenticatorData);
 const parsedAuthData = parseAuthenticatorData(authDataBuffer);
- const { rpIdHash, flags, counter } = parsedAuthData;
+ const { rpIdHash, flags, counter, extensionsDataBuffer } = parsedAuthData;
 // Make sure the response's RP ID is ours
 if (typeof expectedRPID === 'string') {
@@ -159,6 +160,13 @@ export default function verifyAuthenticationResponse(
 throw new Error('User not present during authentication');
 }
+ let extensions = {};
+
+ // Parse authenticator extensions if available
+ if (flags.ed && extensionsDataBuffer) {
+ extensions = decodeExtensionDataBuffer(extensionsDataBuffer)
+ }
+
 // Enforce user verification if required
 if (requireUserVerification && !flags.uv) {
 throw new Error('User verification required, but user could not be verified');
@@ -189,6 +197,7 @@ export default function verifyAuthenticationResponse(
 credentialID: authenticator.credentialID,
 credentialDeviceType,
 credentialBackedUp,
+ extensions
 },
 };
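Review bot: `decodeExtensionDataBuffer(extensionsDataBuffer)` in the added `if (flags.ed && extensionsDataBuffer)` block (hunk at -159) parses authenticator-supplied bytes, and no signature check is visible before it in this hunk, so malformed extension data would surface as whatever the decoder throws. If the signature is verified further down (the function body starts and ends outside the hunk), decoding after that check, or wrapping the call so the failure is reported as invalid authenticator data, would keep parsing of untrusted input behind the verification step. When `flags.ed` is set but `extensionsDataBuffer` is missing, the code silently returns `{}`; unless `parseAuthenticatorData` already rejects that combination, it looks worth an explicit error. Minor: `let extensions = {};` should be `let extensions: ExtensionsJSON = {};`, and both the assignment and the `extensions` entry in the returned object (hunk at -189) lack the `;` / `,` that the surrounding lines use.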
@@ -218,5 +227,6 @@ export type VerifiedAuthenticationResponse = {
 newCounter: number;
 credentialDeviceType: CredentialDeviceType;
 credentialBackedUp: boolean;
+ extensions: ExtensionsJSON;
 };
 }; |
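Review bot: The new `extensions: ExtensionsJSON;` field is undocumented, and callers need to know what they can rely on when they read it. A comment such as `// Authenticator extension outputs decoded from authenticator data; {} when the ED flag is not set` would cover the shape, and the doc for the return value should add that a relying party should act only on extensions it asked for in the authentication options and ignore unsolicited ones. Because the field is required rather than optional, any code that builds a `VerifiedAuthenticationResponse` by hand (fixtures, mocks) would presumably need updating; `extensions?: ExtensionsJSON;` avoids that if it is a concern.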