WebAuthn enrollment fails on iOS 18.2 with attestation chain#91

Open

PRPriya Banerjeecommented 1d ago

Describe the bug

WebAuthn enrollment fails on iOS 18.2 with attestation chain — surfaces on verity in the critical-priority path. The full reproduction is below, along with the workaround we use in staging.

Reproduce

Clone lattice-systems/verity at the tip of main.
Run the smoke suite: pnpm test --workspace verity.
Notice the test for the affected contract flakes within the first 50 iterations.

Expected behavior

The contract should hold deterministically across the full matrix — staging, production, and the local dev runtime.

Environment

node 22.x
pnpm 9.x
OS: macOS 15.2 (also reproduced on Linux 6.x)

Labels: bug, security

PRPriya Banerjeecommented 3d ago

Pulled this locally, the workaround in the description is solid. Happy to land it as a follow-up.

PRPriya Banerjeecommented 3d ago

Could we add a regression test before the patch lands? Otherwise this will resurface as soon as the surrounding cleanup happens.

PRPriya Banerjeecommented 2d ago

Bumping priority — three customers hit this last week, two of them on the enterprise tier.

PRPriya Banerjeecommented 2d ago

Re-reading the spec, I think the right contract is the one in the bug report, not the one we're shipping. Going to open a small PR.

PRpriya-banerjeeself-assigned this1d ago

PRpriya-banerjeeadded the labelbug1d ago

PRpriya-banerjeeadded a commit that references this issuefix(verity): guard the regression surfaced in #9103081a015h ago

PRpriya-banerjeementioned this in#14111h ago

Issues