I'm using Fido2.AspNet version 4.0.0-beta.16 to implement passwordless logins. When trying to register a user, I'm getting an exception saying:
Authenticator response challenge does not match original challenge
I'm calling `fido2.RequestNewCredential`, storing the result in a redis cache, then sending that back to the Angular application. The Angular app calls `fido2Create` from `@ownid/webauthn`. I then send the `data` property of that back to the server.
When I run this code on the server to complete registration, the exception is thrown:
```csharp
var options = await cache.GetStringAsync(...);
var makeNewCredentialParams = new MakeNewCredentialParams {
    AttestationResponse = request.AttestationResponse,
    IsCredentialIdUniqueToUserCallback = ...,
    OriginalOptions = CredentialCreateOptions.FromJson(options)
};
var credential = await fido2.MakeNewCredentialAsync(makeNewCredentialParams, cancellationToken);
```
This is all the Angular service is doing:
```typescript
async register(email: string) {
  const response = await lastValueFrom(this.#http.post('account/registerStart', email))
  const fido = await fido2Create(response, email)
  return await lastValueFrom(this.#http.post('account/registerEnd', { email, attestationResponse: fido.data })) as string
}
```
Upvotes: 0
Views: 60
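A way to narrow down where the two challenges diverge, as an added Node.js example that is not part of the original question or of either library: it decodes the `clientDataJSON` field of the attestation response and compares the challenge the browser signed over with the challenge string in the cached options. The function name, verdict labels and sample values are constructed for illustration, and it assumes both values are available as base64 or base64url strings.

```javascript
// Added diagnostic (Node.js), not code from the question or from either library.

// Node's 'base64' decoder accepts both the standard and URL-safe alphabets,
// with or without padding, so one helper covers either serialisation.
const decode = (s) => Buffer.from(s, 'base64');
const b64url = (buf) =>
  buf.toString('base64').replace(/\+/g, '-').replace(/\//g, '_').replace(/=+$/, '');

// storedChallenge: the challenge string from the options JSON kept in the cache.
// clientDataJSON: that field of the attestation response, as posted to the server.
function diagnoseChallenge(storedChallenge, clientDataJSON) {
  const clientData = JSON.parse(decode(clientDataJSON).toString('utf8'));
  const stored = decode(storedChallenge);
  const signed = decode(clientData.challenge);
  let verdict = 'different-challenge'; // e.g. options from another registerStart call
  if (stored.equals(signed)) {
    verdict = 'match';
  } else if (signed.toString('utf8') === storedChallenge) {
    // The client handed the encoded string to the browser as raw text bytes
    // instead of decoding it back to the original challenge bytes first.
    verdict = 'string-used-as-bytes';
  }
  return { verdict, type: clientData.type, origin: clientData.origin,
           storedHex: stored.toString('hex'), signedHex: signed.toString('hex') };
}

// --- constructed sample data, not captured from a real registration ---
const sampleChallenge = b64url(Buffer.from('constructed-challenge-0001'));
const sampleClientData = (challenge) => b64url(Buffer.from(JSON.stringify({
  type: 'webauthn.create', challenge, origin: 'https://app.example.test',
})));

const cases = {
  ok: sampleClientData(sampleChallenge),
  doubleEncoded: sampleClientData(b64url(Buffer.from(sampleChallenge, 'utf8'))),
  stale: sampleClientData(b64url(Buffer.from('constructed-challenge-0002'))),
};
for (const [name, cd] of Object.entries(cases)) {
  console.log(name, diagnoseChallenge(sampleChallenge, cd).verdict);
}
```

The `storedHex` and `signedHex` fields make it easy to see whether the two values differ only in encoding or are unrelated byte strings.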