Diffstat (limited to 'packages/server')
-rw-r--r--packages/server/src/attestation/verifyAttestationResponse.ts18
1 files changed, 17 insertions, 1 deletions
diff --git a/packages/server/src/attestation/verifyAttestationResponse.ts b/packages/server/src/attestation/verifyAttestationResponse.ts
index e696027..374b79b 100644
--- a/packages/server/src/attestation/verifyAttestationResponse.ts
+++ b/packages/server/src/attestation/verifyAttestationResponse.ts
@@ -42,7 +42,23 @@ export default function verifyAttestationResponse(options: Options): VerifiedAtt
expectedRPID,
requireUserVerification = false,
} = options;
- const { response } = credential;
+ const { id, rawId, type: credentialType, response } = credential;
+
+ // Ensure credential specified an ID
+ if (!id) {
+ throw new Error('Missing credential ID');
+ }
+
+ // Ensure ID is base64url-encoded
+ if (id !== rawId) {
+ throw new Error('Credential ID was not base64url-encoded');
+ }
+
+ // Make sure credential type is public-key
+ if (credentialType !== 'public-key') {
+ throw new Error(`Unexpected credential type ${credentialType}, expected "public-key"`);
+ }
+
const clientDataJSON = decodeClientDataJSON(response.clientDataJSON);
const { type, origin, challenge } = clientDataJSON;
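Review bot: The `id !== rawId` check under the comment "Ensure ID is base64url-encoded" does not establish what the comment and error message claim, because both values are read from the same client-supplied `credential`, so any two equal strings pass whether or not they are base64url. If later steps rely on the encoding, test it directly, for example `if (typeof id !== 'string' || !/^[A-Za-z0-9_-]+$/.test(id)) throw new Error('Credential ID was not base64url-encoded');`, and keep the equality check with a message saying that `id` and `rawId` differ. The `typeof` guard also covers a truthy non-string `id`, which `!id` alone lets through. Whether the ID is later compared with the credential ID carried in the authenticator data cannot be seen here, since the body of verifyAttestationResponse continues outside the hunk.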