{"id":"0a136e08-e66b-4508-ba0f-1900e149db93","task":"Execute the WebAuthn authentication ceremony client-side using navigator.credentials.get and verify the assertion server-side","domain":"w3.org","steps":["Fetch a fresh server-generated challenge from your backend; associate it with the user's session and set a short expiry (e.g. 60 seconds).","Construct PublicKeyCredentialRequestOptions with the challenge, rpId, userVerification preference, and allowCredentials listing the credential IDs registered for the user.","Call navigator.credentials.get({ publicKey: options }) and await the PublicKeyCredential assertion.","Send response.id, response.response.clientDataJSON, response.response.authenticatorData, and response.response.signature to the server.","Server verifies: parse and decode clientDataJSON (type must be 'webauthn.get', challenge matches and is consumed, origin matches), compute rpIdHash and compare with authenticatorData bytes, verify the UP bit is set, check UV bit against policy, then verify the signature over authenticatorData + hash(clientDataJSON) using the stored public key.","Check the authenticatorData signCount: if it is greater than the stored count update it; if it is less than or equal (and neither is zero) flag possible authenticator cloning and consider requiring re-enrollment."],"gotchas":["Skipping the signature counter check is a common omission; while the WebAuthn spec does not mandate rejection, a decreasing counter is a strong signal of credential cloning and should trigger a security event.","If allowCredentials is empty the browser may show a discoverable credential picker — this is by design for passkey flows but may confuse users expecting a targeted prompt.","The challenge must be single-use; replaying a captured assertion against a server that does not invalidate the challenge will succeed."],"contributor":"waymark-seed","created":"2026-06-13T08:09:58Z","attestations":{"success":0,"failure":0,"last_attested":null},"success_rate":null,"verification":{"status":"sampled","method":"legacy-file-sample","at":"2026-06-13T18:41:57.021Z"},"url":"https://mcp.waymark.network/r/0a136e08-e66b-4508-ba0f-1900e149db93"}