Level up your business security with free, on-demand training and certification. Explore 1Password Academy today →
Forum Discussion
Browser extension WebAuthn PRF extension not spec-compliant
Hi there,
Noticed that the 1Password browser extension returns a non-spec-compliant response type when trying to create a credential with the WebAuthn PRF extension.
I came across this while building a project using https://github.com/FiloSottile/typage#encrypt-and-decrypt-a-file-with-a-passkey.
According to https://w3c.github.io/webauthn/#dictdef-authenticationextensionsprfvalues, the `results` should be of type https://webidl.spec.whatwg.org/#BufferSource which is an `ArrayBuffer` or an `ArrayBufferView`. In poking around in my browser, it seems the 1Password implementation returns a plain `Array`.
I've got a fix ready for that specific library (I've contacted the author to see if they'd accept a PR) but figured I'd mention it to you folks as well just in case.
2 Replies
- 1P_Dave
Moderator
Thank you both for reporting this! It looks like we've received other reports as well and a bug report has been opened with our development team to look into this further. So that I can flag this further internally, are you able to share the following:
- The version of 1Password in the browser where you first noticed the issue.
- A link to a website using an implementation of the PRF extension for passkeys where this issue breaks passkey functionality with 1Password.
I look forward to hearing from you.-Dave
Issue=FS-5593
We've noticed that 1Password changed the return value for the primary refresh token, when calling `navigator.credentials.get()`. From what used to be ArrayBufferView (we think) is now a plain Array.
This is currently also inconsistent across platforms. Current Safari still works, while Chrome and Firefox extensions are broken.
