
Python WebAuthn: Unable to verify attestation statement format


I have implemented some sort of password-less authentication using Duo Labs' webauthn using Django. However, I keep getting this error:

Unable to verify attestation statement format..

when authenticating on my Android phone (at least for now). How can I include more attestation formats to incorporate Android, Windows Hello and any other device in this library's attestation formats?


Solution

  • The current version of the webauthn library only supports the following attestation formats:

    You mentioned you're trying to register an Android device - without seeing a response you're getting back from the call to navigator.credentials.create() I'd make an educated guess that you're getting responses with "android-safetynet" or "android-key" attestation statements which the library is unable to verify.
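
An added example, not code from the question, the answer or the webauthn library: a stdlib-only way to read the `fmt` field from the `attestationObject` returned by `navigator.credentials.create()`, so you can see which attestation statement format the device actually sent. It assumes the object reaches the server base64url-encoded; the helper names and the sample bytes are constructed for illustration, and the code only reports the format, it does not verify the attestation.

```python
import base64

def _head(buf, pos):
    """Read one CBOR item head: (major type, argument, next position)."""
    if pos >= len(buf):
        raise ValueError("truncated CBOR data")
    major, info = buf[pos] >> 5, buf[pos] & 0x1F
    pos += 1
    if info < 24:
        return major, info, pos
    if info > 27:
        raise ValueError("indefinite-length or reserved CBOR item")
    size = 1 << (info - 24)  # argument is stored in 1, 2, 4 or 8 bytes
    if pos + size > len(buf):
        raise ValueError("truncated CBOR data")
    return major, int.from_bytes(buf[pos:pos + size], "big"), pos + size

def _decode(buf, pos=0):
    """Decode the CBOR subset attestation objects use: (value, next position)."""
    major, arg, pos = _head(buf, pos)
    if major in (0, 1):  # unsigned / negative integer
        return (arg if major == 0 else -1 - arg), pos
    if major in (2, 3):  # byte string / text string
        if pos + arg > len(buf):
            raise ValueError("truncated CBOR string")
        raw = buf[pos:pos + arg]
        return (raw if major == 2 else raw.decode("utf-8")), pos + arg
    if major in (4, 5):  # array of arg items / map of arg key-value pairs
        flat = []
        for _ in range(arg * (major - 3)):
            item, pos = _decode(buf, pos)
            flat.append(item)
        return (flat if major == 4 else dict(zip(flat[::2], flat[1::2]))), pos
    raise ValueError(f"unsupported CBOR major type {major}")

def attestation_format(att_obj_b64url):
    """Return the `fmt` string of a base64url-encoded attestationObject."""
    raw = base64.urlsafe_b64decode(att_obj_b64url + "=" * (-len(att_obj_b64url) % 4))
    obj, end = _decode(raw)
    if end != len(raw) or not isinstance(obj, dict) or not isinstance(obj.get("fmt"), str):
        raise ValueError("not a WebAuthn attestation object")
    return obj["fmt"]

# Constructed sample: CBOR map with fmt, attStmt and authData (37 zero bytes).
SAMPLE = base64.urlsafe_b64encode(
    b"\xa3\x63fmt\x71android-safetynet\x67attStmt\xa2\x63ver\x61" b"0"
    b"\x68response\x44demo\x68authData\x58\x25" + b"\x00" * 37
).decode().rstrip("=")
print(attestation_format(SAMPLE))  # android-safetynet
```

Log the returned value at registration time and compare it with the formats your version of the library documents as supported.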