webauthn: implement proper support for extensions + validation
pmlopes opened this issue · 1 comments
pmlopes commented
WebAuthn Level 2 defines a set of core extensions. While the current API does allow specifying extensions, there is no way to tell if the extension is for `registration` and/or `authentication`. It is also not possible to process and validate any extension response.
See: https://www.w3.org/TR/webauthn-2/#sctn-defined-extensions
pmlopes commented
Currently the extensions are just a map on the options object. This should be deprecated (as it's currently a NOOP feature) and we should define a codegen interface/data object for extensions:
The shape of this object should include:
- a name
- a use (`registration`, `authentication`, `both`)
- a value (this could be anything: `boolean`, `String`, `JSONObject`, ...)
- a validator function
The JavaScript companion library should also extract the extension results and post them back to the library so it can validate the responses.
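
A sketch of the data object proposed in this issue, added here as an example and not code from the issue or the project: `Extension`, `Use` and `validate` are hypothetical names, and treating unsolicited outputs as errors is an assumed policy. `credProps` (registration) and `appid` (authentication) are two of the extensions defined in WebAuthn Level 2; the AppID URL is a constructed sample value.

```java
import java.util.*;
import java.util.function.Predicate;

// Hypothetical sketch; none of these names are the library's API.
public class ExtensionSketch {
  enum Use { REGISTRATION, AUTHENTICATION, BOTH }

  static final class Extension {
    final String name;                 // extension identifier, e.g. "credProps"
    final Use use;                     // ceremony in which the extension is requested
    final Object value;                // client input placed in the options
    final Predicate<Object> validator; // checks the client extension output
    Extension(String name, Use use, Object value, Predicate<Object> validator) {
      this.name = name; this.use = use; this.value = value; this.validator = validator;
    }
    boolean appliesTo(Use ceremony) { return use == Use.BOTH || use == ceremony; }
  }

  // credProps output is an object whose optional "rk" member is a boolean.
  static boolean credPropsOk(Object out) {
    if (!(out instanceof Map)) return false;
    Object rk = ((Map<?, ?>) out).get("rk");
    return rk == null || rk instanceof Boolean;
  }

  // Returns the problems found in the client extension results of one ceremony.
  // A requested extension with no output is not an error: clients may ignore extensions.
  static List<String> validate(List<Extension> requested, Use ceremony, Map<String, Object> results) {
    Map<String, Extension> active = new HashMap<>();
    for (Extension e : requested) if (e.appliesTo(ceremony)) active.put(e.name, e);
    List<String> errors = new ArrayList<>();
    for (Map.Entry<String, Object> r : results.entrySet()) {
      Extension e = active.get(r.getKey());
      if (e == null) errors.add("unsolicited extension output: " + r.getKey()); // assumed policy
      else if (!e.validator.test(r.getValue())) errors.add("invalid output for: " + r.getKey());
    }
    return errors;
  }

  public static void main(String[] args) {
    List<Extension> requested = Arrays.asList(
      new Extension("credProps", Use.REGISTRATION, true, ExtensionSketch::credPropsOk),
      new Extension("appid", Use.AUTHENTICATION, "https://example.com/appid.json", // constructed
                    out -> out instanceof Boolean));
    Map<String, Object> results = new HashMap<>(); // constructed clientExtensionResults
    results.put("credProps", Collections.singletonMap("rk", true));
    results.put("appid", true); // appid output during a registration ceremony
    System.out.println(validate(requested, Use.REGISTRATION, results));
  }
}
```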