-
Notifications
You must be signed in to change notification settings - Fork 26
Update helpers.js to fix Software Keys #51
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Conversation
Cast Uint8Array objects to base64url encoding when preparing the payload so fido2 knows how to process it
Thanks for your contribution.
What type of keys can this be tested against?
Thanks for your contribution.
What type of keys can this be tested against?
I tested against key generation from Bitwarden and iOS Face ID authenticators using an OSX machine. I would test with Chrome latest.
Does this mean the current library shouldn't work with Apple Passkeys on Mac OSX?
Does this mean the current library shouldn't work with Apple Passkeys on Mac OSX?
AFAIK, when using the library (latest pypi) it attempts to save the passkey then Errors out with a bytes-to-dict TypeError
Thanks, I'll take the patch for a spin and will let you know.
Hello @resba,
I tested the current version of the libray (without Patch) on Mac OS X (Sequoia) with Safari (Version 18.2 (20620.1.16.11.8) and it worked as expected, Also, I tried Chrome and it worked fine, Can you please give me more specific version or can you deploy the version anywhere so we can check it together.
nitmir
commented
Aug 10, 2025
Hi @mkalioby
I have the same issue (with bitwarden and samsung pass) but only on Firefox : Uint8Array are not base64 encoded leading to authentication failure.
I applied this patch to fix my issue.
As ArrayBuffer and Uint8Array are 2 types of binary array in javascript, I think it is safe to always base64 both of those types.
Cheers
Cast Uint8Array objects to base64url encoding when preparing the payload so fido2 knows how to process it.
In newer versions of the credential creation function, some software passkeys will return Uint8Array objects where hardware tokens would pass base64 objects for elements like response.clientDataJSON and response.attestationObject.
This would result in those elements being casted as objects which would then fail out when running AuthenticationResponse.from_dict(response) in any of the views trying to process it due to a type where we pass it dict instead of the expected bytes.