Webauthn : iOS 17.x io.vertx.ext.auth.webauthn.impl.attestation.AttestationException: AAGUID is not 00000000-0000-0000-0000-000000000000!
tcompiegne opened this issue · 3 comments
Questions
Hey team and @pmlopes we noticed some peculiar WebAuthn behaviour when registering a credential with your library.
I've seen that on devices with iOS 17.2+, they fail webauthn credential registration (/webauthn/register) with the error:
io.vertx.ext.auth.webauthn.impl.attestation.AttestationException: AAGUID is not 00000000-0000-0000-0000-000000000000!.
In the payload of the attestation sent by the iOS device, the value of fmt in attestationObject is none.
However, the authData in the attestationObject created by any device with iOS 17.x+ seems to have an AAGUID that is NOT 00000000-0000-0000-0000-000000000000.
This means that validation always fails and a credential cannot be registered.
Has anyone else noticed this behavior?
Hey @pmlopes,
FYI, to unlock our users, we have created our own NoneAttestation to relax the exception and log it as a warning. We have also decided to force the given AAGUID with zeros for privacy reasons in this use case.
Regards
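The check discussed in this thread, as an added example that is not code from vertx-auth or from the commenters: it reads the AAGUID from authData (32-byte rpIdHash, 1 flags byte, 4-byte signCount, then the 16-byte AAGUID when the AT flag is set) and shows the strict rejection beside the relaxed warn-and-zero handling. The class name, method names and the sample bytes are hypothetical; with fmt none there is no attestation statement vouching for the AAGUID, so the lenient path stores zeros rather than the reported value.

```java
import java.nio.ByteBuffer;
import java.util.UUID;
import java.util.logging.Logger;

// Added example; class and method names are hypothetical, not vertx-auth API.
public class NoneAttestationAaguidCheck {
  private static final Logger LOG = Logger.getLogger("webauthn");
  private static final int FLAGS_OFFSET = 32;          // after the 32-byte rpIdHash
  private static final int AAGUID_OFFSET = 32 + 1 + 4; // rpIdHash + flags + signCount
  private static final int FLAG_AT = 0x40;             // attested credential data included
  static final UUID ZERO = new UUID(0L, 0L);

  /** Reads the 16-byte AAGUID from the attested credential data in authData. */
  static UUID readAaguid(byte[] authData) {
    if (authData.length < AAGUID_OFFSET + 16 + 2) {
      throw new IllegalArgumentException("authData too short for attested credential data");
    }
    if ((authData[FLAGS_OFFSET] & FLAG_AT) == 0) {
      throw new IllegalArgumentException("AT flag not set: no AAGUID present");
    }
    ByteBuffer buf = ByteBuffer.wrap(authData, AAGUID_OFFSET, 16); // big-endian by default
    return new UUID(buf.getLong(), buf.getLong());
  }

  /** AAGUID to store for fmt "none": strict rejects non-zero, lenient warns and zeroes. */
  static UUID aaguidForNone(byte[] authData, boolean strict) {
    UUID aaguid = readAaguid(authData);
    if (ZERO.equals(aaguid)) return ZERO;
    if (strict) throw new IllegalStateException("AAGUID is not " + ZERO + "!");
    LOG.warning("fmt=none attestation carried non-zero AAGUID " + aaguid + "; storing zeros");
    return ZERO;
  }

  public static void main(String[] args) {
    // Constructed sample: zero rpIdHash, flags UP|AT (0x41), signCount 0,
    // made-up AAGUID a0a1...af, credential id length 0.
    byte[] sample = new byte[AAGUID_OFFSET + 16 + 2];
    sample[FLAGS_OFFSET] = 0x41;
    for (int i = 0; i < 16; i++) sample[AAGUID_OFFSET + i] = (byte) (0xA0 + i);
    System.out.println("lenient -> " + aaguidForNone(sample, false));
    try {
      aaguidForNone(sample, true);
    } catch (IllegalStateException e) {
      System.out.println("strict  -> rejected: " + e.getMessage());
    }
  }
}
```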