Diffstat (limited to 'packages/server/src')
3 files changed, 4 insertions, 35 deletions
diff --git a/packages/server/src/attestation/generateAttestationOptions.ts b/packages/server/src/attestation/generateAttestationOptions.ts
index 7d888d1..a523cd1 100644
--- a/packages/server/src/attestation/generateAttestationOptions.ts
+++ b/packages/server/src/attestation/generateAttestationOptions.ts
@@ -10,11 +10,11 @@ import type {
 import base64url from 'base64url';
 import generateChallenge from '../helpers/generateChallenge';
-import generateUserHandle from '../helpers/generateUserHandle';
 type Options = {
   rpName: string;
   rpID: string;
+  userID: string;
   userName: string;
   challenge?: string | Buffer;
   userDisplayName?: string;
@@ -79,6 +79,7 @@ const defaultSupportedAlgorithmIDs = supportedCOSEAlgorithmIdentifiers.filter(id
  *
  * @param rpName User-visible, "friendly" website/service name
  * @param rpID Valid domain name (after `https://`)
+ * @param userID User's website-specific unique ID
  * @param userName User's website-specific username (email, etc...)
  * @param challenge Random value the authenticator needs to sign and pass back
  * @param userDisplayName User's actual name
@@ -98,6 +99,7 @@ export default function generateAttestationOptions(
   const {
     rpName,
     rpID,
+    userID,
     userName,
     challenge = generateChallenge(),
     userDisplayName = userName,
@@ -129,9 +131,6 @@ export default function generateAttestationOptions(
     authenticatorSelection.requireResidentKey = false;
   }
-  // Generate a new, random ID for better privacy
-  const userHandle = generateUserHandle();
-
   return {
     challenge: base64url.encode(challenge),
     rp: {
@@ -139,7 +138,7 @@ export default function generateAttestationOptions(
       id: rpID,
     },
     user: {
-      id: base64url.encode(userHandle),
+      id: userID,
       name: userName,
       displayName: userDisplayName,
     },
diff --git a/packages/server/src/helpers/generateUserHandle.test.ts b/packages/server/src/helpers/generateUserHandle.test.ts
deleted file mode 100644
index 16ff898..0000000
--- a/packages/server/src/helpers/generateUserHandle.test.ts
+++ /dev/null
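Review bot: In the last hunk `id: userID` passes the caller's string straight through as the WebAuthn user handle, whereas the sibling `challenge` field on the same object is still run through `base64url.encode` and the helper this commit deletes (generateUserHandle.ts) documented the handle as an opaque byte sequence of at most 64 bytes, so the encoding is now inconsistent within one return value and nothing in the new code bounds the length of userID. Whether the browser side decodes `user.id` from base64url is not visible in this diff; if it does, the line should read `id: base64url.encode(userID),`, and in either case a guard such as `if (Buffer.byteLength(userID) > 64) throw new Error('userID must not exceed 64 bytes');` before the return would preserve the limit the removed helper and its test enforced. The commit also drops the "better privacy" comment without carrying its intent into the new `@param userID` line in the second hunk; that doc should say the value is sent to the authenticator and should be a stable, opaque identifier rather than an email or other personal data. The function body of generateAttestationOptions continues outside these hunks.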
@@ -1,14 +0,0 @@
-import generateUserHandle from './generateUserHandle';
-
-test('should return a buffer of 64 bytes', () => {
-  const userHandle = generateUserHandle();
-
-  expect(userHandle.byteLength).toBe(64);
-});
-
-test('should return random bytes on each execution', () => {
-  const challenge1 = generateUserHandle();
-  const challenge2 = generateUserHandle();
-
-  expect(challenge1).not.toEqual(challenge2);
-});
diff --git a/packages/server/src/helpers/generateUserHandle.ts b/packages/server/src/helpers/generateUserHandle.ts
deleted file mode 100644
index be3f838..0000000
--- a/packages/server/src/helpers/generateUserHandle.ts
+++ /dev/null
@@ -1,16 +0,0 @@
-import crypto from 'crypto';
-
-/**
- * Generate a suitably random value to be used as a user handle when creating a credential
- */
-export default function generateUserHandle(): Buffer {
-  /**
-   * As per WebAuthn spec:
-   *
-   * "A user handle is an opaque byte sequence with a maximum size of 64 bytes, and is not meant to
-   * be displayed to the user."
-   *
-   * See https://w3c.github.io/webauthn/#user-handle
-   */
-  return crypto.randomBytes(64);
-}
|