docs/src/reference/asciidoc/en/deep-dive.adoc
44 additions & 0 deletions
@@ -117,6 +117,50 @@ In general, you can serialize and deserialize it by the method explained in <<Cr
117
117
A `ObjectConverter` with a `DeviceCheckCBORModule` can be obtained with `DeviceCheckManager.createObjectConverter` static method.
118
118
119
119
120
+
=== Alternative to Unsupported JSON Serialization APIs in Safari
121
+
122
+
In the Quick Start, `PublicKeyCredential.parseCreationOptionsFromJSON` is introduced as an API for parsing `PublicKeyCredentialCreationOptions`, and `PublicKeyCredential#toJSON` as an API for serializing `PublicKeyCredential`. However, as of today(December 2024), these APIs are not available in Safari.
123
+
124
+
As an alternative, it is recommended to use the pony-fill provided by the npm library https://github.com/github/webauthn-json[github/@webauthn-json], maintained by GitHub.
125
+
It provides `parseCreationOptionsFromJSON` method as a substitute for `PublicKeyCredential.parseCreationOptionsFromJSON` and `create` as a substitute for `navigator.credentials.create`.
const registrationResponseJSON = publicKeyCredential.toJSON() // JSON object of publicKeyCredential
140
+
const registrationResponseJSONStr = JSON.stringify(registrationResponseJSON) // JSON string representation of publicKeyCredential
141
+
----
142
+
143
+
The `toJSON` method can be used on the publicKeyCredential obtained using the `create` method of this pony-fill.
144
+
145
+
It also provides `parseRequestOptionsFromJSON` as a substitute for `PublicKeyCredential.parseRequestOptionsFromJSON`, and `get` is provided as a substitute for `navigator.credentials.get`.
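Review bot: the library reference in the sentence introducing the pony-fill is misnamed; the npm package is `@github/webauthn-json` (repository `github/webauthn-json`), not `github/@webauthn-json`, and the library spells it `ponyfill`. Its README also distinguishes the default entry point, whose `create`/`get` return JSON directly, from `@github/webauthn-json/browser-ponyfill`, which is the one that exposes `parseCreationOptionsFromJSON`/`parseRequestOptionsFromJSON` and a `create`/`get` whose result carries `toJSON()`; since this section relies on the latter behaviour, name that import path explicitly. Finally, "as of today(December 2024)" needs a space and will go stale: recommend feature-detecting the native API (`typeof PublicKeyCredential.parseCreationOptionsFromJSON === "function"`) and using the ponyfill only as a fallback, rather than keying the advice on the browser name.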
docs/src/reference/asciidoc/en/quick-start.adoc
9 additions & 2 deletions
@@ -146,7 +146,11 @@ If no wrapper library is available, you will need to implement these functions y
146
146
147
147
When calling the `navigator.credentials.create` method, various options can be specified. One of these options is `challenge`. As mentioned earlier, the challenge is a parameter used to prevent replay attacks; it should be generated by the server, passed as a parameter, and also saved in a session or similar storage.
148
148
According to the registration flow diagram, the backend server first generates the challenge, saves it in a session, and then sends it to the client.
149
-
The WebAuthn specification does not define a specific method for passing the challenge from the backend server to the frontend. You could embed it in an HTML page or set up a REST endpoint to return the challenge. Another good idea is to create an endpoint that returns the entire `PublicKeyCredentialCreationOptions`, a parameter for `navigator.credentials.create`. The WebAuthn JavaScript API provides a method called `PublicKeyCredential.parseCreationOptionsFromJSON`, which can parse a serialized JSON `PublicKeyCredentialCreationOptions`. WebAuthn4J offers a Java class representing `PublicKeyCredentialCreationOptions`, which can be useful for assembling JSON on the backend server.
149
+
The WebAuthn specification does not define a specific method for passing the challenge from the backend server to the frontend. You could embed it in an HTML page or set up a REST endpoint to return the challenge. Another good idea is to create an endpoint that returns the entire `PublicKeyCredentialCreationOptions`, a parameter for `navigator.credentials.create`. The WebAuthn JavaScript API provides a method called `PublicKeyCredential.parseCreationOptionsFromJSON`, which can parse a serialized JSON `PublicKeyCredentialCreationOptions`.
150
+
However, as of December 2024, `PublicKeyCredential.parseCreationOptionsFromJSON` is not available in Safari.
151
+
For alternative solutions, refer to <<./deep-dive.adoc#_alternative_to_unsupported_json_serialization_apis_in_safari, Alternative to Unsupported JSON Serialization APIs in Safari>>.
152
+
153
+
WebAuthn4J offers a Java class representing `PublicKeyCredentialCreationOptions`, which can be useful for assembling JSON on the backend server.
150
154
151
155
.Fetching the entire `PublicKeyCredentialCreationOptions` from the REST endpoint and calling `navigator.credentials.create`
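Review bot: the sentence "WebAuthn4J offers a Java class representing `PublicKeyCredentialCreationOptions`, which can be useful for assembling JSON on the backend server" has been detached from the REST-endpoint idea it supports and now follows the Safari digression, which reads as a non sequitur. Keep it immediately after "...which can parse a serialized JSON `PublicKeyCredentialCreationOptions`." and place the two Safari lines (the December 2024 caveat and the deep-dive cross-reference) after it, so the backend guidance stays together and the browser caveat sits at the end of the paragraph.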
@@ -166,6 +170,8 @@ The generated WebAuthn credential must be sent to the backend server in some way
166
170
The WebAuthn specification does not define the format in which it should be sent to the server.
167
171
However, the JavaScript type `PublicKeyCredential`, representing a WebAuthn credential, has a `toJSON` method.
168
172
Using this method along with `JSON.stringify` to serialize the data is considered a best practice for transmission.
173
+
However, this `toJSON` method is also not available in Safari.
174
+
For alternative solutions, refer to <<./deep-dive.adoc#Alternative-to-Unsupported-JSON-Serialization-APIs-in-Safari,Alternative to Unsupported JSON Serialization APIs in Safari>>.
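Review bot: the cross-reference in the last added line uses the anchor `Alternative-to-Unsupported-JSON-Serialization-APIs-in-Safari`, while the other two new references in this change use `_alternative_to_unsupported_json_serialization_apis_in_safari`. The deep-dive hunk adds the `=== Alternative to Unsupported JSON Serialization APIs in Safari` heading without an explicit `[[...]]` anchor, so only the auto-generated lowercase underscore id will resolve; change this link to `<<./deep-dive.adoc#_alternative_to_unsupported_json_serialization_apis_in_safari,Alternative to Unsupported JSON Serialization APIs in Safari>>` to match the others and avoid a broken link.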
@@ -249,7 +255,7 @@ The server state is encapsulated in `serverProperty`. When calling the `ServerPr
249
255
- For `challenge`, set the generated challenge. The challenge is a parameter that helps prevent replay attacks. Generate a random byte array on the server as the challenge, pass it to the WebAuthn JS API on the frontend, and include it in the data to be signed. The server then verifies the matching values to protect users from replay attacks. It is the responsibility of the WebAuthn4J caller to persist the generated challenge until verification; storing it in a session is recommended.
250
256
251
257
If verification succeeds, create a `CredentialRecord` instance from the returned values and persist it in a database or similar storage for authentication.
252
-
For more information on persistence methods, see <<credentialrecord-serialization-and-deserialization>>.
258
+
For more information on persistence methods, see <<_credentialrecord_serialization_and_deserialization, Credential Record serializationanddeserialization>>.
253
259
If verification fails, a subclass of `VerificationException` will be thrown.
254
260
255
261
=== Implementing the Authentication Process Using WebAuthn4J
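Review bot: the new link text `Credential Record serializationanddeserialization` is missing its spaces; it should read `Credential Record serialization and deserialization`. Also confirm that the target section still resolves under the auto-generated id `_credentialrecord_serialization_and_deserialization`, since the old reference `<<credentialrecord-serialization-and-deserialization>>` suggests an explicit anchor that may have been removed elsewhere. While touching the `challenge` bullet in this hunk's context, it would be worth saying that the random bytes must come from a cryptographically secure generator and that the stored challenge should be removed once verification completes, so it cannot be accepted twice.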
@@ -260,6 +266,7 @@ The primary API used during WebAuthn authentication is the browser’s `navigato
260
266
This is necessary because the `navigator.credentials.get` method requires a `challenge` parameter.
261
267
The WebAuthn specification does not define a specific method for transferring the challenge from the backend server to the frontend (client) for authentication.
262
268
Just as with the registration process, feel free to use any preferred method to pass the challenge to the frontend. The JavaScript API for parsing `PublicKeyCredentialGetOptions`, a parameter of `navigator.credentials.get`, is `PublicKeyCredential.parseCreationGetOptionsFromJSON`.
269
+
For alternative solutions to the issue that `PublicKeyCredential.parseCreationGetOptionsFromJSON` is not available in Safari, refer to <<./deep-dive.adoc#_alternative_to_unsupported_json_serialization_apis_in_safari,Alternative to Unsupported JSON Serialization APIs in Safari>>.
263
270
For additional options that can be specified for the `navigator.credentials.get` method, please refer https://developer.mozilla.org/en-US/docs/Web/API/CredentialsContainer/get[MDN: CredentialsContainer: get() method].
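Review bot: the method name in the added line, `PublicKeyCredential.parseCreationGetOptionsFromJSON`, does not exist; the WebAuthn API for parsing `PublicKeyCredentialRequestOptions` (the `navigator.credentials.get` parameter) is `PublicKeyCredential.parseRequestOptionsFromJSON`, which is the name the deep-dive hunk itself uses ("It also provides `parseRequestOptionsFromJSON` as a substitute for `PublicKeyCredential.parseRequestOptionsFromJSON`"). Correct the added line and the unchanged context line just above it, which carries the same wrong name and also calls the options type `PublicKeyCredentialGetOptions` rather than `PublicKeyCredentialRequestOptions`.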