WebAuthn Registration | Result

The goal is to verify the authenticity and integrity of the data returned by the client, ensure that the credential is bound to the expected user, and safely register a public key credential for future authentication.

The server must validate the client response before storing anything. The response received from the client is a JSON object with the following structure (the binary fields are base64url encoded):

{
  "id": "base64url-encoded credential ID",
  "rawId": "base64url-encoded ID bytes",
  "response": {
    "clientDataJSON": "base64url",
    "attestationObject": "base64url"
  },
  "type": "public-key"
}
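What that validation looks like in practice, as an added Python example (this is not code from the original page and not the TsgcWebAuthn component's own implementation): decode clientDataJSON and check the ceremony type, the challenge the server issued and the origin; decode the CBOR attestationObject; parse authData and check the RP ID hash, the user-presence and attested-credential flags, and that the credential ID inside authData matches rawId; then extract the COSE public key and signature counter as the record to store. The sample response is constructed inline with the "none" attestation format and placeholder key coordinates; the challenge, origin and RP ID values and the allowed algorithms (ES256, RS256) are assumptions, and attestation-statement signature checking for formats other than "none" is deliberately not implemented.

```python
import base64, hashlib, hmac, json

def b64url_decode(s):
    return base64.urlsafe_b64decode(s + "=" * (-len(s) % 4))

def b64url_encode(b):
    return base64.urlsafe_b64encode(b).rstrip(b"=").decode("ascii")

def cbor_decode(data, pos=0):
    """Minimal CBOR decoder (ints, byte/text strings, maps): enough for attestationObject and COSE keys."""
    if pos >= len(data):
        raise ValueError("truncated CBOR")
    mt, ai = data[pos] >> 5, data[pos] & 0x1F
    pos += 1
    if ai < 24:
        n = ai
    elif ai <= 27:                                   # 1/2/4/8-byte argument follows
        width = 1 << (ai - 24)
        n, pos = int.from_bytes(data[pos:pos + width], "big"), pos + width
        if pos > len(data):
            raise ValueError("truncated CBOR")
    else:
        raise ValueError("unsupported CBOR additional info %d" % ai)
    if mt == 0:
        return n, pos
    if mt == 1:
        return -1 - n, pos
    if mt in (2, 3):                                 # byte string / text string
        if pos + n > len(data):
            raise ValueError("truncated CBOR string")
        s = bytes(data[pos:pos + n])
        return (s if mt == 2 else s.decode("utf-8")), pos + n
    if mt == 5:                                      # map
        d = {}
        for _ in range(n):
            k, pos = cbor_decode(data, pos)
            d[k], pos = cbor_decode(data, pos)
        return d, pos
    raise ValueError("unsupported CBOR major type %d" % mt)

def verify_registration(resp, expected_challenge, expected_origin, rp_id, require_uv=False):
    """Validate a registration response; return the credential record to store, or raise ValueError."""
    raw_id = b64url_decode(resp["rawId"])
    if resp.get("type") != "public-key" or b64url_decode(resp["id"]) != raw_id:
        raise ValueError("bad type or id/rawId mismatch")
    # clientDataJSON: ceremony type, the challenge we issued, the origin we serve
    cd = json.loads(b64url_decode(resp["response"]["clientDataJSON"]))
    if cd.get("type") != "webauthn.create":
        raise ValueError("clientData.type is not webauthn.create")
    if not hmac.compare_digest(b64url_decode(cd.get("challenge", "")), expected_challenge):
        raise ValueError("challenge mismatch")
    if cd.get("origin") != expected_origin:
        raise ValueError("origin mismatch")
    # attestationObject: CBOR map {fmt, attStmt, authData}
    att_bytes = b64url_decode(resp["response"]["attestationObject"])
    att, end = cbor_decode(att_bytes)
    if end != len(att_bytes) or not isinstance(att, dict) or not isinstance(att.get("authData"), bytes):
        raise ValueError("malformed attestationObject")
    auth_data = att["authData"]
    # authData = rpIdHash(32) | flags(1) | signCount(4) | aaguid(16) | credIdLen(2) | credId | COSE key
    if len(auth_data) < 55 or auth_data[:32] != hashlib.sha256(rp_id.encode()).digest():
        raise ValueError("authData too short or rpIdHash mismatch")
    flags, required = auth_data[32], 0x41 | (0x04 if require_uv else 0)   # UP, AT (+ UV)
    if (flags & required) != required:
        raise ValueError("flags 0x%02x lack required bits 0x%02x" % (flags, required))
    sign_count = int.from_bytes(auth_data[33:37], "big")
    cred_len = int.from_bytes(auth_data[53:55], "big")
    cred_id = auth_data[55:55 + cred_len]
    if cred_id != raw_id:
        raise ValueError("credential ID in authData differs from rawId")
    cose_key, _ = cbor_decode(auth_data, 55 + cred_len)
    if not isinstance(cose_key, dict) or cose_key.get(3) not in (-7, -257):   # ES256 / RS256 assumed allowed
        raise ValueError("unsupported COSE algorithm")
    # Any fmt other than "none" needs attStmt verified over authData || sha256(clientDataJSON); not done here.
    if att.get("fmt") != "none":
        raise ValueError("attestation format %r not handled by this example" % att.get("fmt"))
    return {"credential_id": cred_id, "public_key": cose_key, "sign_count": sign_count, "fmt": "none"}

def _cbor_tstr(s):                                   # text string up to 23 bytes
    return bytes([0x60 | len(s)]) + s.encode()

def _cbor_bstr(b):                                   # byte string up to 255 bytes
    return (bytes([0x40 | len(b)]) if len(b) < 24 else b"\x58" + bytes([len(b)])) + b

def make_sample_response(challenge, origin, rp_id):
    """Constructed sample (not real authenticator output): 'none' attestation, ES256 key."""
    cred_id = bytes(range(16))
    cose_key = (b"\xa5\x01\x02\x03\x26\x20\x01"                    # {1: EC2, 3: ES256, -1: P-256,
                + b"\x21" + _cbor_bstr(b"\x11" * 32) + b"\x22" + _cbor_bstr(b"\x22" * 32))   # -2: x, -3: y}
    auth_data = (hashlib.sha256(rp_id.encode()).digest() + bytes([0x45])      # flags UP | UV | AT
                 + (0).to_bytes(4, "big") + bytes(16)                         # signCount 0, zero AAGUID
                 + len(cred_id).to_bytes(2, "big") + cred_id + cose_key)
    att_obj = (b"\xa3" + _cbor_tstr("fmt") + _cbor_tstr("none") + _cbor_tstr("attStmt") + b"\xa0"
               + _cbor_tstr("authData") + _cbor_bstr(auth_data))
    client_data = json.dumps({"type": "webauthn.create", "challenge": b64url_encode(challenge),
                              "origin": origin, "crossOrigin": False}).encode()
    return {"id": b64url_encode(cred_id), "rawId": b64url_encode(cred_id), "type": "public-key",
            "response": {"clientDataJSON": b64url_encode(client_data),
                         "attestationObject": b64url_encode(att_obj)}}
```

The challenge is compared with a constant-time comparison, the origin is compared against the exact value the server serves (scheme and host), and the RP ID is checked through its SHA-256 hash in authData rather than trusted from the client. Anything that fails raises before the record is built, which is the path that ends in the registration-error event; only a fully validated record reaches storage.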


Registration Successful

If the response sent by the client is valid, the event OnWebAuthnRegistrationSuccessful is called and the Credential Record can be safely stored in a database, where it is looked up to validate future logins.


procedure OnWebAuthnRegistrationSuccessful(Sender: TObject; const aRegistration: TsgcWebAuthn_Registration;
  const aCredentialRecord: TsgcWebAuthn_CredentialRecord; var Accept: Boolean);
begin
  // persist the validated credential record (as JSON) so it can be
  // retrieved when this credential is used to log in
  DB.Credentials.Append;
  DB.Credentials.FieldByName('Credentials').AsString := aCredentialRecord.AsJSON;
  DB.Credentials.Post;
end;

Registration Error

If any error occurs while validating the client response, the event OnWebAuthnRegistrationError is called; the reason for the error is available in the aError parameter, and nothing is stored.


procedure OnWebAuthnRegistrationError(Sender: TObject; const aRequest: TsgcWebAuthn_RegistrationVerify_Request;
  const aRegistration: TsgcWebAuthn_Registration; const aError: string);
begin
  // log the validation failure; the credential is not registered
  Log('#webauthn_registration_error: ' + aError);
end;