8Kas
Is clientDataJson and attestationObject required to verify assertion during authentication in WebAuthN?
Currently I am working on implementing/supporting WebAuthN in my service (JAVA). I have a Control Plane which handles the registration ceremony and Data Plane that handles the authentication ceremony. I am using WebAuthN4J. The persistent storage (database) of Control Plane and Data Plane are separate and I am propagating the publicKey between the two attestationObject.attestedCredentialData.credentialPublicKey. I want to know if Data Plane needs clientDataJson and anything else in attestationObject to verify the assertion during authentication and why?
WebAuthN4J library document lists that to verify an assertion on authentication, it needs the entire CredentialRecord ie CredentialDataJson and AttestationObject
