remove AuthenticationCredential rawID

marius-se · marius-se · commit df6ac353c0ad · 2023-01-06T17:21:27.000+01:00
diff --git a/Sources/WebAuthn/Ceremonies/Authentication/AuthenticationCredential.swift b/Sources/WebAuthn/Ceremonies/Authentication/AuthenticationCredential.swift
@@ -16,15 +16,13 @@ import Foundation
 
 /// The unprocessed response received from `navigator.credentials.get()`.
 public struct AuthenticationCredential: Codable {
-    public let id: String
-    public let rawID: URLEncodedBase64
+    public let id: URLEncodedBase64
     public let response: AuthenticatorAssertionResponse
     public let authenticatorAttachment: String?
     public let type: String
 
     enum CodingKeys: String, CodingKey {
         case id
-        case rawID = "rawId"
         case response
         case authenticatorAttachment
         case type
diff --git a/Sources/WebAuthn/Helpers/Base64Utilities.swift b/Sources/WebAuthn/Helpers/Base64Utilities.swift
@@ -33,6 +33,14 @@ extension Array where Element == UInt8 {
     }
 }
 
+extension Data {
+    /// Encodes data into a base64url-encoded string
+    /// - Returns: A base64url-encoded string
+    public func base64URLEncodedString() -> String {
+        return [UInt8](self).base64URLEncodedString()
+    }
+}
+
 extension String {
     /// Decode a base64url-encoded `String` to a base64 `String`
     /// - Returns: A base64-encoded `String`
diff --git a/Sources/WebAuthn/VerifiedAuthentication.swift b/Sources/WebAuthn/VerifiedAuthentication.swift
@@ -0,0 +1,13 @@
+import Foundation
+
+public struct VerifiedAuthentication {
+    let credentialID: URLEncodedBase64
+    let newSignCount: UInt32
+    let credentialDeviceType: CredentialDeviceType
+    let credentialBackedUp: Bool
+}
+
+public enum CredentialDeviceType: String, Codable {
+    case singleDevice = "single_device"
+    case multiDevice = "multi_device"
+}
diff --git a/Sources/WebAuthn/WebAuthnManager.swift b/Sources/WebAuthn/WebAuthnManager.swift
@@ -129,10 +129,9 @@ public struct WebAuthnManager {
         credentialPublicKey: [UInt8],
         credentialCurrentSignCount: Int,
         requireUserVerification: Bool = false
-    ) throws {
+    ) throws -> VerifiedAuthentication {
         let expectedRpID = config.relyingPartyID
         let expectedOrigin = config.relyingPartyOrigin
-        guard credential.rawID == credential.id else { throw WebAuthnError.badRequestData }
         guard credential.type == "public-key" else { throw WebAuthnError.badRequestData }
 
         let response = credential.response
@@ -170,6 +169,13 @@ public struct WebAuthnManager {
         let credentialPublicKey = try CredentialPublicKey(publicKeyBytes: credentialPublicKey)
         guard let signatureData = response.signature.base64URLDecodedData else { throw WebAuthnError.badRequestData }
         try credentialPublicKey.verify(signature: signatureData, data: signatureBase)
+
+        return VerifiedAuthentication(
+            credentialID: credential.id,
+            newSignCount: authenticatorData.counter,
+            credentialDeviceType: authenticatorData.flags.isBackupEligible ? .multiDevice : .singleDevice,
+            credentialBackedUp: authenticatorData.flags.isCurrentlyBackedUp
+        )
     }
 }
 

Original file line number	Diff line number	Diff line change
`@@ -33,6 +33,14 @@ extension Array where Element == UInt8 {`
`33`	`33`	`}`
`34`	`34`	`}`
`35`	`35`
	`36`	`+extension Data {`
	`37`	`+ /// Encodes data into a base64url-encoded string`
	`38`	`+ /// - Returns: A base64url-encoded string`
	`39`	`+ public func base64URLEncodedString() -> String {`
	`40`	`+ return [UInt8](self).base64URLEncodedString()`
	`41`	`+ }`
	`42`	`+}`
	`43`	`+`
`36`	`44`	`extension String {`
`37`	`45`	/// Decode a base64url-encoded `String` to a base64 `String`
`38`	`46`	/// - Returns: A base64-encoded `String`