【bug】challenge location hardcode to 23 for WebAuthnValidator.sol , is not compatible with some credential manager.

[lcmmhcc]

i use the wallet to create a transaction with android app. but it reverted as signature failed.
and i noticed that the signature decoded as below:

{
  "androidPackageName": "com.xxx.wallet.wallet",
  "challenge": "B6NwMN5p-JEMAG2BFbcu0PGk8WHd3r-wKykNrYI94os",
  "origin": "android:apk-key-hash:+sYXRdwJA3hvue3mKpYrOZ9zSPC7b4mbgzJmdZEDO5w",
  "type": "webauthn.get"
}

but in this webauthn validator (https://arbiscan.io/address/0x7ab16Ff354AcB328452F1D445b3Ddee9a91e9e69#code)

the challenge is decode from the hardcode location as 23 . see below

WebAuthn.sol
        string memory challengeProperty = string.concat('"challenge":"', challengeB64url, '"');

        if (!contains(challengeProperty, clientDataJSON, challengeLocation)) {
            deferredResult = false;
        }

WebAuthnValidator.sol

contract WebAuthnValidator is IValidator {
    // The location of the challenge in the clientDataJSON
    uint256 constant CHALLENGE_LOCATION = 23;

actually， it's 49 in this case.

and 23 is for. '"type": "webauthn.get"'

Can some one help me figure a solution for this case ?

[lcmmhcc]

@leekt plz help

[leekt]

Which credential manager are you using? It should be on 23 based on w3c spec
https://w3c.github.io/webauthn/#clientdatajson-serialization

[lcmmhcc]

Which credential manager are you using? It should be on 23 based on w3c spec https://w3c.github.io/webauthn/#clientdatajson-serialization
thanks for replying.
i've tried vivo phone native credential manager, and redmi phone native credential manager.

[lcmmhcc]

maybe i should decline the weauthn.create if the request is not in w3c format.

[leekt]

maybe i should decline the weauthn.create if the request is not in w3c format.

that's an option, weird behavior though 🤔