ワンクリックで
webauthn-contract-tests
How to lock WebAuthn begin-ceremony API response shapes against browser/client challenge mismatches
Codex または Claude でインストール この Prompt をコピーして Codex、Claude、または他のアシスタントに貼り付けると、Skill ページを確認してインストールできます。
メニュー
How to lock WebAuthn begin-ceremony API response shapes against browser/client challenge mismatches
Codex または Claude でインストール この Prompt をコピーして Codex、Claude、または他のアシスタントに貼り付けると、Skill ページを確認してインストールできます。
SOC 職業分類に基づく
Reuse the shared museum tray renderer across authenticated and public coin presentations.
Extend existing coin share cards with feature-specific context without duplicating renderers.
How to test GORM many-to-many relationships with join tables that have custom timestamp fields (beyond CreatedAt/UpdatedAt)
| name | webauthn-contract-tests |
| description | How to lock WebAuthn begin-ceremony API response shapes against browser/client challenge mismatches |
| domain | api-design |
| confidence | high |
| source | earned |
Use this when changing WebAuthn/passkey registration or login endpoints. Browser APIs are strict about where challenge, rpId, and credential IDs live, and schema wrapper mismatches can appear as missing challenge data on Safari/PWA clients.
options.challenge is non-empty when the API contract says options is passed to navigator.credentials.get({ publicKey: options }).rpId and at least one allowCredentials entry in the regression to catch credential loading or base64url encoding regressions.See src/api/handlers/webauthn_test.go:
TestWebAuthnHandlerLoginBeginReturnsRequestOptionsWithChallengeTestWebAuthnHandlerLoginFinishExpiredSessionTestWebAuthnHandlerLoginFinishMissingSessionBeginLogin returns HTTP 200; that can still hide a missing or incorrectly nested challenge.CredentialAssertion wrapper under another options key unless the frontend explicitly expects options.publicKey.challenge.