Diffstat (limited to 'packages/server/src/authentication/verifyAuthenticationResponse.ts')
-rw-r--r--packages/server/src/authentication/verifyAuthenticationResponse.ts12
1 files changed, 11 insertions, 1 deletions
diff --git a/packages/server/src/authentication/verifyAuthenticationResponse.ts b/packages/server/src/authentication/verifyAuthenticationResponse.ts
index 264a2f2..1949449 100644
--- a/packages/server/src/authentication/verifyAuthenticationResponse.ts
+++ b/packages/server/src/authentication/verifyAuthenticationResponse.ts
@@ -12,6 +12,7 @@ import verifySignature from '../helpers/verifySignature';
import parseAuthenticatorData from '../helpers/parseAuthenticatorData';
import isBase64URLString from '../helpers/isBase64URLString';
import { parseBackupFlags } from '../helpers/parseBackupFlags';
+import decodeExtensionDataBuffer, { ExtensionsJSON } from '../helpers/decodeExtensions';
export type VerifyAuthenticationResponseOpts = {
credential: AuthenticationCredentialJSON;
@@ -134,7 +135,7 @@ export default function verifyAuthenticationResponse(
const authDataBuffer = base64url.toBuffer(response.authenticatorData);
const parsedAuthData = parseAuthenticatorData(authDataBuffer);
- const { rpIdHash, flags, counter } = parsedAuthData;
+ const { rpIdHash, flags, counter, extensionsDataBuffer } = parsedAuthData;
// Make sure the response's RP ID is ours
if (typeof expectedRPID === 'string') {
@@ -159,6 +160,13 @@ export default function verifyAuthenticationResponse(
throw new Error('User not present during authentication');
}
+ let extensions = {};
+
+ // Parse authenticator extensions if available
+ if (flags.ed && extensionsDataBuffer) {
+ extensions = decodeExtensionDataBuffer(extensionsDataBuffer)
+ }
+
// Enforce user verification if required
if (requireUserVerification && !flags.uv) {
throw new Error('User verification required, but user could not be verified');
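Review bot: The extension bytes are CBOR-decoded at `decodeExtensionDataBuffer(extensionsDataBuffer)` before anything visible in this hunk has checked the assertion signature, so the decoder runs on data the client fully controls. The signature check is not shown here (the function body continues outside the hunk); if it runs later, consider moving this block after it, or at least add a comment such as `// extensions are unauthenticated until the signature is verified; ignore them when verified is false`. Separately, `let extensions = {};` infers the type `{}`; declaring it as `let extensions: ExtensionsJSON = {};` keeps the value checked against the type the result exports. When `flags.ed` is set but `extensionsDataBuffer` is missing, the code silently falls back to an empty object, and throwing there would surface malformed authenticator data instead of hiding it.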
@@ -189,6 +197,7 @@ export default function verifyAuthenticationResponse(
credentialID: authenticator.credentialID,
credentialDeviceType,
credentialBackedUp,
+ extensions
},
};
@@ -218,5 +227,6 @@ export type VerifiedAuthenticationResponse = {
newCounter: number;
credentialDeviceType: CredentialDeviceType;
credentialBackedUp: boolean;
+ extensions: ExtensionsJSON;
};
};
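Review bot: The new `extensions: ExtensionsJSON` field on the exported `authenticationInfo` type has no doc comment, and it is required, so code that builds a `VerifiedAuthenticationResponse` by hand (fixtures, mocks) will stop compiling. I would add a TSDoc line above it, for example `/** Authenticator extension outputs decoded from authenticatorData; empty when the ED flag is not set. Only meaningful when verified is true. */`. The type's opening lines are outside the hunk, so I cannot tell whether the sibling fields are documented the same way.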