Enhance debug logging and validation in Passkey Registration API
Some checks failed
Code Analysis (JS/Vue) / analyze (push) Failing after 54s

Add additional debug statements to the register-passkey-options API to validate the options structure, including checks for challenge type and user ID format. Improve logging to capture detailed information about the options being returned, aiding in troubleshooting and ensuring compliance with Cross-Device requirements.
Torsten Schulz (local)
2026-01-08 15:57:19 +01:00
parent 6535abf074
commit 04f38cda69
2 changed files with 177 additions and 1 deletions


@@ -145,18 +145,43 @@ export default defineEventHandler(async (event) => {
// Options direkt zurückgeben (wie in passkeys/registration-options.post.js)
// @simplewebauthn/server gibt bereits korrekt formatierte Options zurück
const totalDuration = Date.now() - requestStart
// Debug: Prüfe die vollständige Options-Struktur
console.log(`[DEBUG] Returning options (total: ${totalDuration}ms)`, {
registrationId,
optionsKeys: Object.keys(options),
challengeLength: options.challenge?.length,
challengeType: typeof options.challenge,
rpId: options.rp?.id,
rpName: options.rp?.name,
userIdType: typeof options.user?.id,
timeout: options.timeout
userName: options.user?.name,
userDisplayName: options.user?.displayName,
timeout: options.timeout,
timeoutType: typeof options.timeout,
pubKeyCredParamsCount: options.pubKeyCredParams?.length,
authenticatorSelection: options.authenticatorSelection,
hasExtensions: !!options.extensions,
hasHints: !!options.hints,
excludeCredentialsCount: options.excludeCredentials?.length || 0
})
// WICHTIG: Prüfe, ob die Options für Cross-Device korrekt sind
// Für Cross-Device muss die Challenge ein String sein (Base64URL)
if (typeof options.challenge !== 'string') {
console.error('[DEBUG] ERROR: Challenge is not a string!', typeof options.challenge, options.challenge)
}
// Prüfe, ob user.id ein Uint8Array ist (wird zu Base64URL konvertiert)
if (options.user?.id instanceof Uint8Array) {
console.log('[DEBUG] user.id is Uint8Array (will be converted to Base64URL by browser)')
} else {
console.log('[DEBUG] user.id type:', typeof options.user?.id, 'value:', options.user?.id?.substring?.(0, 20))
}
// WICHTIG: Options direkt zurückgeben, keine manuelle Serialisierung
// Die Options von @simplewebauthn/server sind bereits korrekt formatiert
// Nuxt/Nitro serialisiert automatisch zu JSON
return { success: true, registrationId, options }
})
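Review bot: The new debug object writes `userName`, `userDisplayName` and up to 20 characters of `user.id` to the server log on every registration request, and the `console.error` branch prints the raw `options.challenge`; nothing visible in the hunk gates this, so account identifiers and the ceremony nonce would land in production logs. Logging only shape information would serve the same troubleshooting purpose, e.g. `userIdLength: options.user?.id?.length` and `hasUserName: !!options.user?.name`, and the error branch could drop its third argument: `console.error('[DEBUG] ERROR: Challenge is not a string!', typeof options.challenge)`. The whole block is also best placed behind whatever debug switch the project uses. Separately, the challenge type check only logs and the handler still returns `success: true` with the malformed options; if it is meant as validation, fail the request there, for example `throw createError({ statusCode: 500, statusMessage: 'Invalid registration options' })`. The handler begins outside this hunk, so any earlier gating or error handling is not visible here.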