Skip to content

WIP - fix(passkeys): pass challenge as Buffer to simplewebauthn to fix lookup#20362

Draft
dschom wants to merge 1 commit intomainfrom
FXA-13343.2
Draft

WIP - fix(passkeys): pass challenge as Buffer to simplewebauthn to fix lookup#20362
dschom wants to merge 1 commit intomainfrom
FXA-13343.2

Conversation

@dschom
Copy link
Copy Markdown
Contributor

@dschom dschom commented Apr 10, 2026

WIP

Because

  • simplewebauthn v13 treats string challenges as UTF-8 text and re-encodes them to base64url, producing a different value than what was stored in Redis. This caused challenge lookup to fail on registration/authentication finish.

This pull request

  • Passes challenge as Buffer.from(challenge, 'base64url') to generateRegistrationOptions and generateAuthenticationOptions so simplewebauthn base64url-encodes the raw bytes (roundtrip-safe).
  • Fixes PasskeyService constructor args in the integration test (was missing PasskeyConfig parameter).
  • Adds webauthn-adapter.in.spec.ts with a virtual authenticator that exercises real simplewebauthn verifyRegistrationResponse (no mocks).
  • Adds happy-path integration test for registration start → finish.

Issue that this pull request solves

Closes: (issue number)

Checklist

Put an x in the boxes that apply

  • My commit is GPG signed.
  • If applicable, I have modified or added tests which pass locally.
  • I have added necessary documentation (if appropriate).
  • I have verified that my changes render correctly in RTL (if appropriate).
  • I have manually reviewed all AI generated code.

How to review (Optional)

  • Key files/areas to focus on:
  • Suggested review order:
  • Risky or complex parts:

Screenshots (Optional)

Please attach the screenshots of the changes made in case of change in user interface.

Other information (Optional)

@dschom @claude
fix(passkeys): pass challenge as Buffer to simplewebauthn to fix lookup
463947a 
Because:
- simplewebauthn v13 treats string challenges as UTF-8 text and
  re-encodes them to base64url, producing a different value than what
  was stored in Redis. This caused challenge lookup to fail on
  registration/authentication finish.

This commit:
- Passes challenge as Buffer.from(challenge, 'base64url') to
  generateRegistrationOptions and generateAuthenticationOptions so
  simplewebauthn base64url-encodes the raw bytes (roundtrip-safe).
- Fixes PasskeyService constructor args in the integration test
  (was missing PasskeyConfig parameter).
- Adds webauthn-adapter.in.spec.ts with a virtual authenticator that
  exercises real simplewebauthn verifyRegistrationResponse (no mocks).
- Adds happy-path integration test for registration start → finish.

Fixes FXA-13343

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
@dschom dschom changed the title fix(passkeys): pass challenge as Buffer to simplewebauthn to fix lookup WIP - fix(passkeys): pass challenge as Buffer to simplewebauthn to fix lookup Apr 10, 2026
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

1 participant

@dschom