fix: webauthn script parsing for AME-34349

Thomas Schofield · thomas-schofield-fr · commit 7a74994a6ecd · 2026-02-23T15:44:29.000Z
diff --git a/packages/javascript-sdk/src/fr-webauthn/index.ts b/packages/javascript-sdk/src/fr-webauthn/index.ts
@@ -178,7 +178,15 @@ abstract class FRWebAuthn {
           credential = await this.getAuthenticationCredential({ publicKey, mediation });
           outcome = this.getAuthenticationOutcome(credential);
         } else if (textOutputCallback) {
-          publicKey = parseWebAuthnAuthenticateText(textOutputCallback.getMessage());
+          const metadata = this.extractMetadata(textOutputCallback.getMessage());
+
+          if (metadata) {
+            publicKey = this.createAuthenticationPublicKey(
+              metadata as WebAuthnAuthenticationMetadata,
+            );
+          } else {
+            publicKey = parseWebAuthnAuthenticateText(textOutputCallback.getMessage());
+          }
 
           credential = await this.getAuthenticationCredential({ publicKey });
           outcome = this.getAuthenticationOutcome(credential);
@@ -245,7 +253,13 @@ abstract class FRWebAuthn {
           );
           outcome = this.getRegistrationOutcome(credential);
         } else if (textOutputCallback) {
-          publicKey = parseWebAuthnRegisterText(textOutputCallback.getMessage());
+          const metadata = this.extractMetadata(textOutputCallback.getMessage());
+
+          if (metadata) {
+            publicKey = this.createRegistrationPublicKey(metadata as WebAuthnRegistrationMetadata);
+          } else {
+            publicKey = parseWebAuthnRegisterText(textOutputCallback.getMessage());
+          }
           credential = await this.getRegistrationCredential(
             publicKey as PublicKeyCredentialCreationOptions,
           );
@@ -602,6 +616,17 @@ abstract class FRWebAuthn {
     window.PingWebAuthnAbortController = abortController;
     return abortController;
   }
+
+  private static extractMetadata(message: string): object | null {
+    const contextMatch = message.match(/^var scriptContext = (.*)$/);
+    const jsonString = contextMatch?.[1];
+
+    if (jsonString) {
+      return JSON.parse(jsonString);
+    }
+
+    return null;
+  }
 }
 
 export default FRWebAuthn;
