4 files changed, 34 insertions, 11 deletions
diff --git a/packages/browser/src/helpers/toPublicKeyCredentialDescriptor.ts b/packages/browser/src/helpers/toPublicKeyCredentialDescriptor.ts
new file mode 100644
index 0000000..ad166a5
--- /dev/null
+++ b/packages/browser/src/helpers/toPublicKeyCredentialDescriptor.ts
@@ -0,0 +1,16 @@
+import base64js from 'base64-js';
+import type { PublicKeyCredentialDescriptorJSON } from '@webauthntine/typescript-types';
+
+export default function toPublicKeyCredentialDescriptor(
+  descriptor: PublicKeyCredentialDescriptorJSON,
+): PublicKeyCredentialDescriptor {
+  // Make sure the Base64'd credential ID length is a multiple of 4 or else toByteArray will throw
+  const { id } = descriptor;
+  const padLength = 4 - (id.length % 4);
+  const paddedId = id.padEnd(id.length + padLength, '=');
+
+  return {
+    ...descriptor,
+    id: base64js.toByteArray(paddedId),
+  };
+}
diff --git a/packages/browser/src/methods/startAssertion.ts b/packages/browser/src/methods/startAssertion.ts
index f504f19..826763a 100644
--- a/packages/browser/src/methods/startAssertion.ts
+++ b/packages/browser/src/methods/startAssertion.ts
@@ -3,11 +3,11 @@ import {
   AuthenticatorAssertionResponseJSON,
   AssertionCredential,
 } from '@webauthntine/typescript-types';
-import base64js from 'base64-js';
 
 import toUint8Array from '../helpers/toUint8Array';
 import toBase64String from '../helpers/toBase64String';
 import supportsWebauthn from '../helpers/supportsWebauthn';
+import toPublicKeyCredentialDescriptor from '../helpers/toPublicKeyCredentialDescriptor';
 
 /**
  * Begin authenticator "login" via WebAuthn assertion
@@ -25,16 +25,9 @@ export default async function startAssertion(
   const publicKey: PublicKeyCredentialRequestOptions = {
     ...requestOptionsJSON.publicKey,
     challenge: toUint8Array(requestOptionsJSON.publicKey.challenge),
-    allowCredentials: requestOptionsJSON.publicKey.allowCredentials.map(cred => {
-      // Make sure the credential ID length is a multiple of 4
-      const padLength = 4 - (cred.id.length % 4);
-      const id = cred.id.padEnd(cred.id.length + padLength, '=');
-
-      return {
-        ...cred,
-        id: base64js.toByteArray(id),
-      };
-    }),
+    allowCredentials: requestOptionsJSON.publicKey.allowCredentials.map(
+      toPublicKeyCredentialDescriptor,
+    ),
   };
 
   // Wait for the user to complete assertion
diff --git a/packages/browser/src/methods/startAttestation.test.ts b/packages/browser/src/methods/startAttestation.test.ts
index 539ffe5..faeca8b 100644
--- a/packages/browser/src/methods/startAttestation.test.ts
+++ b/packages/browser/src/methods/startAttestation.test.ts
@@ -38,6 +38,11 @@ const goodOpts1: PublicKeyCredentialCreationOptionsJSON = {
       name: 'username',
     },
     timeout: 1,
+    excludeCredentials: [{
+      id: 'authIdentifier',
+      type: 'public-key',
+      transports: ['internal'],
+    }],
   },
 };
 
@@ -64,6 +69,11 @@ test('should convert options before passing to navigator.credentials.create(...)
 
   expect(argsPublicKey.challenge).toEqual(toUint8Array(goodOpts1.publicKey.challenge));
   expect(argsPublicKey.user.id).toEqual(toUint8Array(goodOpts1.publicKey.user.id));
+  expect(argsPublicKey.excludeCredentials).toEqual([{
+    id: base64js.toByteArray('authIdentifier=='),
+    type: 'public-key',
+    transports: ['internal'],
+  }])
 
   done();
 });
diff --git a/packages/browser/src/methods/startAttestation.ts b/packages/browser/src/methods/startAttestation.ts
index c095670..14ffc53 100644
--- a/packages/browser/src/methods/startAttestation.ts
+++ b/packages/browser/src/methods/startAttestation.ts
@@ -7,6 +7,7 @@ import {
 import toUint8Array from '../helpers/toUint8Array';
 import toBase64String from '../helpers/toBase64String';
 import supportsWebauthn from '../helpers/supportsWebauthn';
+import toPublicKeyCredentialDescriptor from '../helpers/toPublicKeyCredentialDescriptor';
 
 /**
  * Begin authenticator "registration" via WebAuthn attestation
@@ -28,6 +29,9 @@ export default async function startAttestation(
       ...creationOptionsJSON.publicKey.user,
       id: toUint8Array(creationOptionsJSON.publicKey.user.id),
     },
+    excludeCredentials: creationOptionsJSON.publicKey.excludeCredentials.map(
+      toPublicKeyCredentialDescriptor,
+    ),
   };
 
   // Wait for the user to complete attestation