Add client-side diagnostic logging for Passkey PRF authentication
@@ -202,7 +202,14 @@ export async function loginUser(username?: string): Promise<LoginResult> {
|
|||||||
const resolvedUsername = result.username
|
const resolvedUsername = result.username
|
||||||
|
|
||||||
// Try to decrypt master key using biometric PRF results
|
// Try to decrypt master key using biometric PRF results
|
||||||
const prfResults = (credentialResponse as any).clientExtensionResults?.prf
|
const clientExtensionResults = credentialResponse.clientExtensionResults || {}
|
||||||
|
console.log('WebAuthn client extension keys:', Object.keys(clientExtensionResults))
|
||||||
|
const prfResults = (clientExtensionResults as any).prf
|
||||||
|
console.log('PRF extension result present:', !!prfResults)
|
||||||
|
if (prfResults) {
|
||||||
|
console.log('PRF extension enabled:', prfResults.enabled)
|
||||||
|
console.log('PRF extension results first present:', !!prfResults.results?.first)
|
||||||
|
}
|
||||||
|
|
||||||
if (prfResults?.results?.first && result.encryptedMasterKeyPrf) {
|
if (prfResults?.results?.first && result.encryptedMasterKeyPrf) {
|
||||||
try {
|
try {
|
||||||
@@ -261,9 +268,11 @@ export async function completeLoginWithRecovery(
|
|||||||
|
|
||||||
// If PRF results are available from the login challenge, enroll them now
|
// If PRF results are available from the login challenge, enroll them now
|
||||||
if (encryptedPayloads.prfFirst) {
|
if (encryptedPayloads.prfFirst) {
|
||||||
|
console.log('Attempting PRF enrollment on recovery login...')
|
||||||
try {
|
try {
|
||||||
const prfKey = await deriveKeyFromPrf(encryptedPayloads.prfFirst)
|
const prfKey = await deriveKeyFromPrf(encryptedPayloads.prfFirst)
|
||||||
const encryptedPrf = await encryptBuffer(decryptedMaster, prfKey)
|
const encryptedPrf = await encryptBuffer(decryptedMaster, prfKey)
|
||||||
|
console.log('Sending PRF credentials to server...')
|
||||||
const enrollRes = await fetch(`${API_BASE}/enroll-prf`, {
|
const enrollRes = await fetch(`${API_BASE}/enroll-prf`, {
|
||||||
method: 'POST',
|
method: 'POST',
|
||||||
headers: {
|
headers: {
|
||||||
@@ -276,12 +285,15 @@ export async function completeLoginWithRecovery(
|
|||||||
encryptedMasterKeyPrfTag: encryptedPrf.tag
|
encryptedMasterKeyPrfTag: encryptedPrf.tag
|
||||||
})
|
})
|
||||||
})
|
})
|
||||||
|
console.log('Enrollment response status:', enrollRes.status)
|
||||||
if (!enrollRes.ok) {
|
if (!enrollRes.ok) {
|
||||||
console.warn('Server rejected PRF enrollment')
|
console.warn('Server rejected PRF enrollment')
|
||||||
}
|
}
|
||||||
} catch (err) {
|
} catch (err) {
|
||||||
console.error('Failed to encrypt/enroll master key with PRF key:', err)
|
console.error('Failed to encrypt/enroll master key with PRF key:', err)
|
||||||
}
|
}
|
||||||
|
} else {
|
||||||
|
console.log('No prfFirst present in encryptedPayloads, skipping enrollment.')
|
||||||
}
|
}
|
||||||
|
|
||||||
setActiveMasterKey(decryptedMaster)
|
setActiveMasterKey(decryptedMaster)
|
||||||
|
|||||||
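Review bot: The new `console.log` calls in loginUser and completeLoginWithRecovery run unconditionally in the authentication path, a few lines away from `prfResults.results.first` and `decryptedMaster`, so every production session writes this output to the browser console. What is logged today is limited to extension key names, booleans and the HTTP status, which carries no key material; a debug gate would keep it that way by design, e.g. `if (DEBUG_AUTH) console.debug('PRF extension result present:', !!prfResults)`, where `DEBUG_AUTH` is a placeholder for whatever debug switch the project has. A short comment above each block, such as `// Diagnostics only: log presence flags, never PRF output or key bytes`, would stop a later edit from printing the objects themselves. Separately, `prfResults.enabled` is, as far as the WebAuthn PRF extension defines it, a registration-time output, so on a login assertion it will normally print `undefined` and can be misread as PRF being unavailable. Both function bodies start and end outside the hunks shown.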