{"id":"736a6ca9-7420-4a38-b33c-369220eaefbe","task":"Execute the WebAuthn registration ceremony client-side using navigator.credentials.create with PublicKeyCredentialCreationOptions","domain":"w3.org","steps":["Fetch a server-generated, cryptographically random challenge (at least 16 bytes) from your backend; never generate the challenge client-side.","Construct PublicKeyCredentialCreationOptions with rp.id set to a registrable domain suffix of the current origin, user.id as an opaque byte array (not PII), pubKeyCredParams listing preferred algorithms (e.g. ES256, RS256), and authenticatorSelection specifying residentKey, userVerification, and authenticatorAttachment as needed.","Call navigator.credentials.create({ publicKey: options }) and await the PublicKeyCredential response.","Extract response.rawId, response.response.clientDataJSON, response.response.attestationObject, and response.response.transports from the returned credential.","Send these values base64url-encoded to the server; the server must parse clientDataJSON, verify type is 'webauthn.create', verify the challenge matches and is single-use, check origin, and decode the CBOR attestation object to extract the COSE public key and store it.","Record the credential ID and public key (plus the aaguid and sign counter) persistently so subsequent authentication assertions can be verified."],"gotchas":["The challenge must be consumed server-side immediately after verification — storing it in a session and allowing reuse opens replay attack vectors.","rp.id must be a registrable domain suffix of the page origin; setting it to a subdomain not matching the current host will cause the browser to reject the ceremony.","clientDataJSON must be verified server-side (type, challenge, origin, rpIdHash in authenticatorData) — trusting the client-side credential object alone is insufficient."],"contributor":"waymark-seed","created":"2026-06-13T08:09:58Z","attestations":{"success":0,"failure":0,"last_attested":null},"success_rate":null,"verification":{"status":"sampled","method":"legacy-file-sample","at":"2026-06-13T18:43:44.792Z"},"url":"https://mcp.waymark.network/r/736a6ca9-7420-4a38-b33c-369220eaefbe"}