update simplewebauthn to v13.3.0 #284

Merged: briskt merged 2 commits into main from upgrade-simplewebauthn on May 27, 2026

@briskt briskt commented May 26, 2026

IDP-2026 Re-Upgrade SimpleWebAuthn


Changed

  • Upgraded simplewebauthn to the latest version (v13.3.0).
    • Changed the parameter passed to startRegistration to conform to the new API.
    • Base64url encode the user ID before passing to startAuthentication. This is necessary to maintain compatibility with passkeys saved by earlier versions of sil-org/idp-profile-ui. Even though the user ID is already base64url-encoded by the go-webauthn library in serverless-mfa-api-go, changes in simplewebauthn require that we double-encode it. The simplewebauthn startAuthentication function will immediately decode it, removing the outer layer of encoding, before sending it to the browser. Passkeys saved in our database and in clients (mobile devices, password managers, etc.) have user IDs that are base64url-encoded UUID strings, so if we didn't double-encode it, startAuthentication would decode it to a plain-text UUID string.

Feature branch checklist

  • Documentation (README, etc.)
  • Run make format and make depsupdate
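
The encoding layers described in the PR description above, as an added JavaScript example that is not part of the pull request, idp-profile-ui, or SimpleWebAuthn. The helper names and the UUID are constructed, and `bytesSentToBrowser` only models the decode step the description attributes to startAuthentication.

```javascript
// Added illustration: hypothetical helpers, constructed sample values.
const utf8 = new TextEncoder()

// bytes -> unpadded base64url string
function bytesToBase64url(bytes) {
  const binary = String.fromCharCode(...bytes)
  return btoa(binary).replace(/\+/g, '-').replace(/\//g, '_').replace(/=+$/, '')
}

// base64url string -> bytes; rejects characters outside the base64url alphabet
function base64urlToBytes(text) {
  if (!/^[A-Za-z0-9_-]*$/.test(text)) throw new Error('not base64url')
  const b64 = text.replace(/-/g, '+').replace(/_/g, '/')
  const padded = b64 + '='.repeat((4 - (b64.length % 4)) % 4)
  return Uint8Array.from(atob(padded), (c) => c.charCodeAt(0))
}

const encodeText = (s) => bytesToBase64url(utf8.encode(s))

// Model (assumption) of the decode step: the string handed to the client
// library is base64url-decoded once, and those bytes go to the browser.
function bytesSentToBrowser(userIdField) {
  return base64urlToBytes(userIdField)
}

// Constructed sample: the API already returns base64url(UUID), and existing
// passkeys hold the bytes of that encoded string as their user ID.
const uuid = '3f2b8c1e-9d4a-4c7b-8e21-5a6f0b9c7d10'
const fromServer = encodeText(uuid)
const storedHandle = utf8.encode(fromServer)

// True when the bytes reaching the browser equal the stored user ID.
function matchesStoredPasskey(userIdField) {
  const sent = bytesSentToBrowser(userIdField)
  return sent.length === storedHandle.length &&
    sent.every((byte, i) => byte === storedHandle[i])
}

// Single-encoded: decodes to the plain-text UUID, so it does not match.
console.log('as received:   ', matchesStoredPasskey(fromServer))
// Double-encoded: the outer layer is removed, leaving the stored bytes.
console.log('double-encoded:', matchesStoredPasskey(encodeText(fromServer)))
```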

@briskt briskt requested a review from a team as a code owner May 26, 2026 09:29
@briskt briskt requested review from ethancanne, forevermatt, hobbitronics and mtompset and removed request for a team May 26, 2026 09:29
Comment thread src/2sv/key/Touch.vue
Comment thread installed-versions.json
Comment thread package.json
@briskt briskt requested a review from mtompset May 26, 2026 14:46
@forevermatt

  • Base64url decode the user ID before passing to startAuthentication

Did you mean, "Base64url encode the user ID before passing to startAuthentication"?

@forevermatt forevermatt left a comment

Thank you for figuring this out 👍

briskt commented May 27, 2026

  • Base64url decode the user ID before passing to startAuthentication

Did you mean, "Base64url encode the user ID before passing to startAuthentication"?

Yes, thank you.

@briskt briskt merged commit 4f7d10c into main May 27, 2026
1 check passed
@briskt briskt deleted the upgrade-simplewebauthn branch May 27, 2026 03:09