SimpleWebAuthn: Registration doesn't work on Android, verifyAttestation AndroidSafetyNet fail

First, thank you very much for your project.

I cant register my Google pixel on android 12. I get this error :

Attestation alg “-257” did not match metadata auth algs [-7] (SafetyNet).

All is ok with keys or Window Hello.

Registration parameters are :

  rp: { name: 'masked', id: 'masked' },
  user: {
    id: 'masked',
    name: masked',
   },
  pubKeyCredParams: [
    { alg: -7, type: 'public-key' },
    { alg: -257, type: 'public-key' }
   ],
  timeout: 60000,
  attestation: 'direct',
  authenticatorSelection: {
   userVerification: 'required',
   requireResidentKey: false
 }
extensions: { credProps: true, uvm: true }

Than you for your help Best regards Bruno.

About this issue

  • Original URL
  • State: closed
  • Created 2 years ago
  • Comments: 16 (10 by maintainers)

Most upvoted comments

@bricous Just to follow up, I’ve merged fixes for the first two bullet points above, and I’ve identified and am working on a fix for the third bullet point. The solution to the third bullet point in particular will fix the original issue that prompted you to create this issue. None of it is available yet - they’ll all go out as @simplewebauthn/server@4.4.0 when I get the third fix merged.

+2
MasterKale on Feb 9, 2022

After adding GlobalSign_Root_CA cert, i can register with attestation: 'direct'. Bravo!

+1
bricous on Feb 2, 2022
Read more comments on GitHub
← SimpleWebAuthn: Error prone toUint8Array method
react-native-action-button: RCTView has a shadow set but cannot calculate shadow efficiently →