1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
|
import { isValidDomain } from "./isValidDomain";
import { WebAuthnError } from "./webAuthnError";
/**
* Attempt to intuit _why_ an error was raised after calling `navigator.credentials.create()`
*/
export function identifyRegistrationError({
error,
options,
}: {
error: Error;
options: CredentialCreationOptions;
}): WebAuthnError | Error {
const { publicKey } = options;
if (!publicKey) {
throw Error("options was missing required publicKey property");
}
if (error.name === "AbortError") {
if (options.signal instanceof AbortSignal) {
// https://www.w3.org/TR/webauthn-2/#sctn-createCredential (Step 16)
return new WebAuthnError({
message: "Registration ceremony was sent an abort signal",
code: "ERROR_CEREMONY_ABORTED",
cause: error,
});
}
} else if (error.name === "ConstraintError") {
if (publicKey.authenticatorSelection?.requireResidentKey === true) {
// https://www.w3.org/TR/webauthn-2/#sctn-op-make-cred (Step 4)
return new WebAuthnError({
message:
"Discoverable credentials were required but no available authenticator supported it",
code: "ERROR_AUTHENTICATOR_MISSING_DISCOVERABLE_CREDENTIAL_SUPPORT",
cause: error,
});
} else if (
publicKey.authenticatorSelection?.userVerification === "required"
) {
// https://www.w3.org/TR/webauthn-2/#sctn-op-make-cred (Step 5)
return new WebAuthnError({
message:
"User verification was required but no available authenticator supported it",
code: "ERROR_AUTHENTICATOR_MISSING_USER_VERIFICATION_SUPPORT",
cause: error,
});
}
} else if (error.name === "InvalidStateError") {
// https://www.w3.org/TR/webauthn-2/#sctn-createCredential (Step 20)
// https://www.w3.org/TR/webauthn-2/#sctn-op-make-cred (Step 3)
return new WebAuthnError({
message: "The authenticator was previously registered",
code: "ERROR_AUTHENTICATOR_PREVIOUSLY_REGISTERED",
cause: error,
});
} else if (error.name === "NotAllowedError") {
/**
* Pass the error directly through. Platforms are overloading this error beyond what the spec
* defines and we don't want to overwrite potentially useful error messages.
*/
return new WebAuthnError({
message: error.message,
code: "ERROR_PASSTHROUGH_SEE_CAUSE_PROPERTY",
cause: error,
});
} else if (error.name === "NotSupportedError") {
const validPubKeyCredParams = publicKey.pubKeyCredParams.filter(
(param) => param.type === "public-key",
);
if (validPubKeyCredParams.length === 0) {
// https://www.w3.org/TR/webauthn-2/#sctn-createCredential (Step 10)
return new WebAuthnError({
message: 'No entry in pubKeyCredParams was of type "public-key"',
code: "ERROR_MALFORMED_PUBKEYCREDPARAMS",
cause: error,
});
}
// https://www.w3.org/TR/webauthn-2/#sctn-op-make-cred (Step 2)
return new WebAuthnError({
message:
"No available authenticator supported any of the specified pubKeyCredParams algorithms",
code: "ERROR_AUTHENTICATOR_NO_SUPPORTED_PUBKEYCREDPARAMS_ALG",
cause: error,
});
} else if (error.name === "SecurityError") {
const effectiveDomain = window.location.hostname;
if (!isValidDomain(effectiveDomain)) {
// https://www.w3.org/TR/webauthn-2/#sctn-createCredential (Step 7)
return new WebAuthnError({
message: `${window.location.hostname} is an invalid domain`,
code: "ERROR_INVALID_DOMAIN",
cause: error,
});
} else if (publicKey.rp.id !== effectiveDomain) {
// https://www.w3.org/TR/webauthn-2/#sctn-createCredential (Step 8)
return new WebAuthnError({
message: `The RP ID "${publicKey.rp.id}" is invalid for this domain`,
code: "ERROR_INVALID_RP_ID",
cause: error,
});
}
} else if (error.name === "TypeError") {
if (publicKey.user.id.byteLength < 1 || publicKey.user.id.byteLength > 64) {
// https://www.w3.org/TR/webauthn-2/#sctn-createCredential (Step 5)
return new WebAuthnError({
message: "User ID was not between 1 and 64 characters",
code: "ERROR_INVALID_USER_ID_LENGTH",
cause: error,
});
}
} else if (error.name === "UnknownError") {
// https://www.w3.org/TR/webauthn-2/#sctn-op-make-cred (Step 1)
// https://www.w3.org/TR/webauthn-2/#sctn-op-make-cred (Step 8)
return new WebAuthnError({
message:
"The authenticator was unable to process the specified options, or could not create a new credential",
code: "ERROR_AUTHENTICATOR_GENERAL_ERROR",
cause: error,
});
}
return error;
}
|
