authorFabian Cook <hello@fabiancook.dev>2023-09-12 21:48:00 +1200
committerFabian Cook <hello@fabiancook.dev>2023-09-12 21:48:00 +1200
commitb446d501d5ed6d93672db36ee1a1ae739404a360 (patch)
tree2dea3d5df68a1181c9889c90139ad475b58f8649 /packages/server/src
parent2e4a2d62ce72af50f725202b8292f9244213e066 (diff)
expectedType for verifyAuthenticationResponse
Related to https://github.com/MasterKale/SimpleWebAuthn/discussions/402
Diffstat (limited to 'packages/server/src')
-rw-r--r--packages/server/src/authentication/verifyAuthenticationResponse.ts13
1 files changed, 12 insertions, 1 deletions
diff --git a/packages/server/src/authentication/verifyAuthenticationResponse.ts b/packages/server/src/authentication/verifyAuthenticationResponse.ts
index 41370a0..efc56ee 100644
--- a/packages/server/src/authentication/verifyAuthenticationResponse.ts
+++ b/packages/server/src/authentication/verifyAuthenticationResponse.ts
@@ -18,6 +18,7 @@ export type VerifyAuthenticationResponseOpts = {
expectedChallenge: string | ((challenge: string) => boolean | Promise<boolean>);
expectedOrigin: string | string[];
expectedRPID: string | string[];
+ expectedType?: string | string[];
authenticator: AuthenticatorDevice;
requireUserVerification?: boolean;
advancedFIDOConfig?: {
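Review bot: The new `expectedType` field added at line 25 carries no doc comment, so a caller cannot tell from the type what it defaults to or what relaxing it means; the check it feeds (in the third hunk) falls back to `'webauthn.get'` only when the option is omitted, and that comparison is what keeps a `clientDataJSON` produced by a registration ceremony from being accepted as an authentication. I would document the field in place, e.g. `/** Expected clientDataJSON.type; defaults to 'webauthn.get'. Only widen this if you knowingly accept a non-standard type. */`. It may also be worth noting in that comment, or guarding in the verification code, that an empty array is accepted by the type but can never match, so every response would be rejected; the option's name and shape match the existing `expectedOrigin`/`expectedRPID` siblings, which is good.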
@@ -52,6 +53,7 @@ export async function verifyAuthenticationResponse(
expectedChallenge,
expectedOrigin,
expectedRPID,
+ expectedType,
authenticator,
requireUserVerification = true,
advancedFIDOConfig,
@@ -88,7 +90,16 @@ export async function verifyAuthenticationResponse(
const { type, origin, challenge, tokenBinding } = clientDataJSON;
// Make sure we're handling an authentication
- if (type !== 'webauthn.get') {
+ if (Array.isArray(expectedType)) {
+ if (!expectedType.includes(type)) {
+ const joinedExpectedType = expectedType.join(', ');
+ throw new Error(`Unexpected authentication response type "${type}", expected one of: ${joinedExpectedType}`);
+ }
+ } else if (expectedType) {
+ if (type !== expectedType) {
+ throw new Error(`Unexpected authentication response type "${type}", expected "${expectedType}"`);
+ }
+ } else if (type !== 'webauthn.get') {
throw new Error(`Unexpected authentication response type: ${type}`);
}