-
Hello @netmiller, this is a fun question for someone like me! In absolute terms there shouldn't be anything about those existing

Talking specifically about SimpleWebAuthn, it looks like you're using base64 to store credential ID and public key bytes; so long as you convert them to Uint8Arrays when passing them into

FYI you can import

```js
import { isoBase64URL } from '@simplewebauthn/server/helpers';

const verification = await verifyAuthenticationResponse({
  // ...
  authenticator: {
    // Stored values are standard base64, so decode them with the 'base64' option
    credentialID: isoBase64URL.toBuffer(wallix.credID, 'base64'),
    credentialPublicKey: isoBase64URL.toBuffer(wallix.publicKey, 'base64'),
    counter: wallix.counter
  },
});
```

There's nothing
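The lookup step that precedes the call in the reply above, as an added example (not code from the original discussion or from SimpleWebAuthn): the browser reports a credential's `id` as base64url while the legacy rows hold standard base64, so matching is done on the decoded bytes. It uses Node's built-in `Buffer` instead of the library helper so it runs stand-alone; the row shape and the helper names `decodeAnyBase64`, `findLegacyCredential` and `toAuthenticator` are assumptions.

```javascript
// Added example. Field names credID/publicKey/counter follow the reply above;
// the row shape and all helper names are assumptions.

// Decode standard base64 or base64url (with or without padding) into bytes.
function decodeAnyBase64(text) {
  const normalized = text.replace(/-/g, '+').replace(/_/g, '/').replace(/=+$/, '');
  if (!/^[A-Za-z0-9+/]*$/.test(normalized) || normalized.length % 4 === 1) {
    throw new TypeError('not a base64 or base64url string');
  }
  return new Uint8Array(Buffer.from(normalized, 'base64'));
}

// Re-encode bytes the way the browser reports credential IDs (base64url, no padding).
function toBase64URL(bytes) {
  return Buffer.from(bytes).toString('base64url');
}

// Find the stored row for the `id` of an authentication response.
// Both sides are reduced to canonical base64url, so legacy base64 rows still match.
function findLegacyCredential(rows, responseId) {
  const wanted = toBase64URL(decodeAnyBase64(responseId));
  return rows.find((r) => toBase64URL(decodeAnyBase64(r.credID)) === wanted) ?? null;
}

// Build the `authenticator` argument used in the reply above from a legacy row.
function toAuthenticator(row) {
  if (!Number.isSafeInteger(row.counter) || row.counter < 0) {
    throw new RangeError('stored counter must be a non-negative integer');
  }
  return {
    credentialID: decodeAnyBase64(row.credID),
    credentialPublicKey: decodeAnyBase64(row.publicKey),
    counter: row.counter,
  };
}

// Constructed sample rows (placeholder bytes, not real credentials). The first
// credID is chosen so that its base64 and base64url spellings differ.
const legacyRows = [
  { user: 'alice', credID: '+/8=', publicKey: 'pQECAyY=', counter: 12 },
  { user: 'bob', credID: 'AQID', publicKey: 'pQECAyY=', counter: 0 },
];
```

A plain string comparison of the response `id` against the stored value would miss the first row, because `+/8=` arrives from the browser as `-_8`.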
-
I'm going to convert this into a discussion now as this isn't reporting an issue with SimpleWebAuthn.
-
Tricky question
Some years ago I implemented FIDO2-based login for customers, using YubiKey authenticators.
At the time I chose the Wallix webauthn library (https://github.com/wallix/webauthn#readme), but its support ended 4 years ago.
Still, it is working pretty well. The version is 0.1.3 (Oct 14, 2019).
Anyway, I have started to change fido2-lib to SimpleWebAuthn, and registration is OK now, and I just started with authentication. Now the question: can I utilise/convert previous credentials with the new lib?
The RelyingParty information is 100% the same as earlier, and I can forward all new or renewed registrations to use the new lib.
But authentication will be smooth if it is possible to take the relevant details from the old credentials and still use SimpleWebAuthn's verifyAuthenticationResponse routine?
Here is an example of the current credentials (wallix-webauthn) and also credentials saved by SimpleWebAuthn:
(the latter is an example from another app where I used SimpleWebAuthn two years ago)
Main question: is it technically possible to use the older creds with the new lib?
Anyway, I will encourage customers to make a new registration quite soon, but there are 40-50 customers and I can't force them to re-register immediately. Of course it is possible if I can't find any other solution, but it is not very convenient.