Merge pull request #7906 from onflow/webauthn-updates

Kay-Zee · web-flow · commit 78746577a608 · 2025-09-16T14:34:05.000-07:00
remove URL base 64 padding from webauthn challenge encoding
diff --git a/integration/testnet/client.go b/integration/testnet/client.go
@@ -197,7 +197,7 @@ func (c *Client) validWebAuthnExtensionData(transactionMessage []byte) ([]byte,
 		return nil, nil, err
 	}
 	authNChallenge := hasher.ComputeHash(transactionMessage)
-	authNChallengeBase64Url := base64.URLEncoding.EncodeToString(authNChallenge)
+	authNChallengeBase64Url := base64.RawURLEncoding.EncodeToString(authNChallenge)
 	validUserFlag := byte(0x01)
 	validClientDataOrigin := "https://testing.com"
 	rpIDHash := unittest.RandomBytes(32)
diff --git a/model/flow/transaction_test.go b/model/flow/transaction_test.go
@@ -437,7 +437,7 @@ func TestTransactionAuthenticationSchemes(t *testing.T) {
 
 		transactionMessage := transactionBody.EnvelopeMessage()
 		authNChallenge := hasher.ComputeHash(transactionMessage)
-		authNChallengeBase64Url := base64.URLEncoding.EncodeToString(authNChallenge)
+		authNChallengeBase64Url := base64.RawURLEncoding.EncodeToString(authNChallenge)
 		validUserFlag := byte(0x01)
 		validClientDataOrigin := "https://testing.com"
 		rpIDHash := unittest.RandomBytes(32)
diff --git a/model/flow/webauthn.go b/model/flow/webauthn.go
@@ -88,7 +88,7 @@ func validateWebAuthNExtensionData(extensionData []byte, payload []byte) (bool,
 	}
 
 	// base64url decode the challenge, as that's the encoding used client side according to https://www.w3.org/TR/webauthn-3/#dictionary-client-data
-	clientDataChallenge, err := base64.URLEncoding.DecodeString(clientData.Challenge)
+	clientDataChallenge, err := base64.RawURLEncoding.DecodeString(clientData.Challenge)
 	if err != nil {
 		return false, nil
 	}

Original file line number	Diff line number	Diff line change
`@@ -197,7 +197,7 @@ func (c *Client) validWebAuthnExtensionData(transactionMessage []byte) ([]byte,`
`197`	`197`	`return nil, nil, err`
`198`	`198`	`}`
`199`	`199`	`authNChallenge := hasher.ComputeHash(transactionMessage)`
`200`		`- authNChallengeBase64Url := base64.URLEncoding.EncodeToString(authNChallenge)`
	`200`	`+ authNChallengeBase64Url := base64.RawURLEncoding.EncodeToString(authNChallenge)`
`201`	`201`	`validUserFlag := byte(0x01)`
`202`	`202`	`validClientDataOrigin := "https://testing.com"`
`203`	`203`	`rpIDHash := unittest.RandomBytes(32)`
Original file line number	Diff line number	Diff line change
`@@ -88,7 +88,7 @@ func validateWebAuthNExtensionData(extensionData []byte, payload []byte) (bool,`
`88`	`88`	`}`
`89`	`89`
`90`	`90`	`// base64url decode the challenge, as that's the encoding used client side according to https://www.w3.org/TR/webauthn-3/#dictionary-client-data`
`91`		`- clientDataChallenge, err := base64.URLEncoding.DecodeString(clientData.Challenge)`
	`91`	`+ clientDataChallenge, err := base64.RawURLEncoding.DecodeString(clientData.Challenge)`
`92`	`92`	`if err != nil {`
`93`	`93`	`return false, nil`
`94`	`94`	`}`