I am developing a FIDO2 Android authenticator. I just received a MAKE_CREDENTIAL request from the WebAuthn client, and then:
- Created the credential data, which includes the AAGUID, credential length, credentialId, and public key.
- The public key will contain the curve name, algorithm name, key type, and the x and y coordinates.
- Then I formed the auth data, which includes rpIdHash, flags, signCount and the attested credential data.
Then I sent all that data to the WebAuthn client chunk by chunk in MSG, LLEN, HLEN, DATA format.
{ "fmt": "android-safetynet", "authData": "9569088f1ecee…", "attStmt": { "ver": "14366019", "response": "65794a68624763…" } }
I am using Android SafetyNet attestation in the above format, but I didn't get any response from the WebAuthn server. I am using ANDROID_ID (Manufacture ID) as the AAGUID. Is it correct?
I analysed and debugged my code but couldn't find any issues. Please help me proceed with the flow.
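
Added example, not part of the original post: a Python check of the authenticator data layout the steps above describe (rpIdHash, flags, signCount, then AAGUID, credential ID length, credential ID and COSE public key), using the WebAuthn field sizes. The helper names are hypothetical, and the RP ID `example.org`, the all-zero AAGUID, the credential ID and the key coordinates are constructed sample values.

```python
import hashlib
import struct

FLAG_UP, FLAG_AT = 0x01, 0x40  # user present, attested credential data included


def cose_es256_key(x: bytes, y: bytes) -> bytes:
    """CBOR map {1: 2 (kty EC2), 3: -7 (alg ES256), -1: 1 (crv P-256), -2: x, -3: y}."""
    if len(x) != 32 or len(y) != 32:
        raise ValueError("P-256 coordinates must be 32 bytes each")
    return b"\xa5\x01\x02\x03\x26\x20\x01\x21\x58\x20" + x + b"\x22\x58\x20" + y


def build_auth_data(rp_id, flags, sign_count, aaguid, cred_id, cose_key):
    """rpIdHash(32) | flags(1) | signCount(4, BE) | aaguid(16) | credIdLen(2, BE) | credId | key."""
    if len(aaguid) != 16:
        raise ValueError("AAGUID field is exactly 16 bytes")
    rp_id_hash = hashlib.sha256(rp_id.encode("utf-8")).digest()
    header = rp_id_hash + struct.pack(">BI", flags, sign_count)
    return header + aaguid + struct.pack(">H", len(cred_id)) + cred_id + cose_key


def parse_auth_data(data: bytes) -> dict:
    """Split authData into its fields, rejecting layouts a verifier could not read."""
    if len(data) < 37:
        raise ValueError("shorter than the 37-byte fixed header")
    flags, sign_count = struct.unpack(">BI", data[32:37])
    fields = {"rpIdHash": data[:32], "flags": flags, "signCount": sign_count}
    if not flags & FLAG_AT:
        return fields  # no attested credential data follows
    if len(data) < 55:
        raise ValueError("AT flag set but AAGUID/length fields are missing")
    (cred_len,) = struct.unpack(">H", data[53:55])
    end = 55 + cred_len
    if len(data) <= end:
        raise ValueError("credential ID length runs past the end of authData")
    if data[end] >> 5 != 5:
        raise ValueError("public key does not start with a CBOR map")
    fields.update(aaguid=data[37:53], credentialId=data[55:end],
                  credentialPublicKey=data[end:])
    return fields


if __name__ == "__main__":
    # Constructed sample values, not taken from the post.
    key = cose_es256_key(b"\x11" * 32, b"\x22" * 32)
    blob = build_auth_data("example.org", FLAG_UP | FLAG_AT, 0, bytes(16), b"\x33" * 16, key)
    parsed = parse_auth_data(blob)
    print(len(blob), parsed["aaguid"].hex(), len(parsed["credentialPublicKey"]))
```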