2 files changed, 14 insertions, 7 deletions

diff --git a/packages/browser/src/methods/startAssertion.test.ts b/packages/browser/src/methods/startAssertion.test.ts
index b069f60..ffc693c 100644
--- a/packages/browser/src/methods/startAssertion.test.ts
+++ b/packages/browser/src/methods/startAssertion.test.ts
@@ -4,6 +4,7 @@ import { AssertionCredential, PublicKeyCredentialRequestOptionsJSON } from '@web
 
 import toUint8Array from '../helpers/toUint8Array';
 import supportsWebauthn from '../helpers/supportsWebauthn';
+import toBase64String from '../helpers/toBase64String';
 
 import startAssertion from './startAssertion';
 
@@ -49,9 +50,9 @@ test('should convert options before passing to navigator.credentials.get(...)',
   const argsPublicKey = mockNavigatorGet.mock.calls[0][0].publicKey;
 
   expect(argsPublicKey.challenge).toEqual(toUint8Array(goodOpts1.publicKey.challenge));
-  expect(argsPublicKey.allowCredentials[0].id).toEqual(
-    toUint8Array(goodOpts1.publicKey.allowCredentials[0].id),
-  );
+  // Make sure the credential ID is a proper base64 with a length that's a multiple of 4
+  expect(argsPublicKey.allowCredentials[0].id.length % 4).toEqual(0);
+  expect(argsPublicKey.allowCredentials[0].id).toEqual(base64js.toByteArray('credId=='));
 
   done();
 });
diff --git a/packages/browser/src/methods/startAssertion.ts b/packages/browser/src/methods/startAssertion.ts
index 603c6fb..37a7915 100644
--- a/packages/browser/src/methods/startAssertion.ts
+++ b/packages/browser/src/methods/startAssertion.ts
@@ -3,6 +3,7 @@ import {
   AuthenticatorAssertionResponseJSON,
   AssertionCredential,
 } from '@webauthntine/typescript-types';
+import base64js from 'base64-js';
 
 import toUint8Array from '../helpers/toUint8Array';
 import toBase64String from '../helpers/toBase64String';
@@ -24,10 +25,15 @@ export default async function startAssertion(
   const publicKey: PublicKeyCredentialRequestOptions = {
     ...requestOptionsJSON.publicKey,
     challenge: toUint8Array(requestOptionsJSON.publicKey.challenge),
-    allowCredentials: requestOptionsJSON.publicKey.allowCredentials.map((cred) => ({
-      ...cred,
-      id: toUint8Array(cred.id),
-    }))
+    allowCredentials: requestOptionsJSON.publicKey.allowCredentials.map((cred) => {
+      // Make sure the credential ID length is a multiple of 4
+      let id = cred.id.padEnd(cred.id.length + (cred.id.length % 4), '=');
+
+      return {
+        ...cred,
+        id: base64js.toByteArray(id),
+      };
+    })
   };
 
   // Wait for the user to complete assertion