webauthn::WebAuthn method assert_clientdata_json (protected)

 <instance of webauthn::WebAuthn> assert_clientdata_json \
    [ -clientData_raw clientData_raw ] \
    [ -expected_type expected_type ] \
    [ -expected_challenge expected_challenge ] \
    [ -expected_origin expected_origin ]

Defined in packages/webauthn/tcl/webauthn-procs.tcl

clientDataJSON is bytes (as received). We decode and validate:
- type
- challenge
- origin

Switches:
-clientData_raw (optional)
-expected_type (optional)
-expected_challenge (optional)
-expected_origin (optional)

Testcases:
No testcase defined.
Source code:
set clientData_json [ns_base64urldecode -- $clientData_raw]
if {$clientData_json eq ""} {
    throw {validation missing-clientdata} "invalid clientDataJSON"
}
set cd [util::json2dict $clientData_json]

if {![dict exists $cd type]} {
    throw {validation bad-clientdata-json} "clientDataJSON missing 'type'"
}
if {![dict exists $cd challenge]} {
    throw {validation bad-clientdata-json} "clientDataJSON missing 'challenge'"
}
if {![dict exists $cd origin]} {
    throw {validation bad-clientdata-json} "clientDataJSON missing 'origin'"
}

set type      [dict get $cd type]
set challenge [dict get $cd challenge]
set origin    [dict get $cd origin]

if {$type ne $expected_type} {
    throw {validation wrong-type} "unexpected clientDataJSON type '$type' (expected '$expected_type')"
}
if {$challenge ne $expected_challenge} {
    throw {validation challenge-mismatch} "challenge mismatch"
}
if {$origin ne $expected_origin} {
    throw {validation origin-mismatch} "origin mismatch (expected $expected_origin received $origin)"
}

return $clientData_json
XQL Not present:
Generic, PostgreSQL, Oracle
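
The same three checks run over constructed clientDataJSON values, as an added Python example (not the package's own code). The names `check_clientdata` and `outcome`, the challenge and the origin are assumptions made for illustration; the error codes are the ones thrown by the Tcl source above.

```python
import base64
import binascii
import json

class ClientDataError(ValueError):
    """Validation failure; `code` mirrors the codes in the Tcl throw lists."""
    def __init__(self, code, message):
        super().__init__(message)
        self.code = code

def check_clientdata(raw_b64, expected_type, expected_challenge, expected_origin):
    try:
        # WebAuthn sends base64url without '=' padding; restore it before decoding.
        raw = base64.urlsafe_b64decode(raw_b64 + "=" * (-len(raw_b64) % 4))
    except (binascii.Error, ValueError):
        raw = b""
    if not raw:
        raise ClientDataError("missing-clientdata", "invalid clientDataJSON")
    try:
        cd = json.loads(raw)
    except ValueError:  # covers JSONDecodeError and invalid UTF-8
        cd = None
    if not isinstance(cd, dict):  # guard added in this example, not in the Tcl source
        raise ClientDataError("bad-clientdata-json", "clientDataJSON is not a JSON object")
    for field in ("type", "challenge", "origin"):
        if field not in cd:
            raise ClientDataError("bad-clientdata-json", f"clientDataJSON missing '{field}'")
    # Same order as the Tcl source: ceremony type, then challenge, then origin.
    if cd["type"] != expected_type:
        raise ClientDataError("wrong-type", f"unexpected type {cd['type']!r}")
    if cd["challenge"] != expected_challenge:
        raise ClientDataError("challenge-mismatch", "challenge mismatch")
    if cd["origin"] != expected_origin:
        raise ClientDataError("origin-mismatch", f"expected {expected_origin}, received {cd['origin']}")
    return raw

# Constructed sample values, not taken from the page.
CHALLENGE = "constructed-challenge-0001"
ORIGIN = "https://login.example.test"

def outcome(**overrides):
    """Encode a constructed clientDataJSON and return 'ok' or the error code."""
    cd = {"type": "webauthn.get", "challenge": CHALLENGE, "origin": ORIGIN, **overrides}
    raw_b64 = base64.urlsafe_b64encode(json.dumps(cd).encode()).rstrip(b"=").decode()
    try:
        check_clientdata(raw_b64, "webauthn.get", CHALLENGE, ORIGIN)
        return "ok"
    except ClientDataError as err:
        return err.code
```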