Format and return proper WebAuthn attestation response

[gppmad]

Format and return proper WebAuthn attestation response

Title: Format and return proper WebAuthn attestation response

Description:

Format the signature, public key, and challenge into the correct WebAuthn PublicKeyCredential response structure and return it to the website. This is what the website validates to complete registration.

Acceptance Criteria:

• Create proper WebAuthn response object in inject.js
• Include: id, rawId, response.clientDataJSON, response.attestationObject
• Response is returned as a resolved Promise
• Website receives the credential response without errors
• Tested on https://webauthn.io — registration succeeds (or website accepts the response)

Technical Details:

Location: inject.js (the injected page script)

Build the response object:

const response = {
  id: credentialId,
  rawId: credentialIdBuffer,
  response: {
    clientDataJSON: clientDataJSONBuffer,
    attestationObject: attestationObjectBuffer
  },
  type: "public-key"
};

// Return as resolved Promise to replace navigator.credentials.create()
return Promise.resolve(response);

What each field contains:

• id: Base64-encoded credentialId (for display)
• rawId: Uint8Array of credentialId
• clientDataJSON: Encoded challenge + origin + type info
• attestationObject: Encoded public key + signature proof
• type: Always "public-key"

Implementation Notes:

• Use CBOR encoding for attestationObject (or use library)
• clientDataJSON contains: {"type":"webauthn.create","challenge":"...","origin":"..."}
• Encode challenge as base64url in clientDataJSON
• Include website's origin in clientDataJSON
• Signature proves you own the private key

Testing:

1. Load extension
2. Visit https://webauthn.io
3. Click "Register"
4. Check console — response object should be logged
5. Website should accept the response and complete registration

Blocked by: Sign the challenge with private key

Blocks: Store passkey metadata in extension storage