Lessons Phishing vs Passkeys: A Head-to-Head

It looks like you're implementing a WebAuthn-based authentication system using Fastify, and you've provided the beginnings of an API for registering new credentials and verifying existing ones. Here's how you can complete your implementation:

1. Registering New Credentials

You already have a route to register new credentials:

javascript
 
1fastify.post('/register/verify', async (request, reply) => {
2    try {
3        const { username, credential } = request.body;
4        
5        // Check if the user exists and get their current challenge
6        const user = userStore.get(username);
7        if (!user) {
8            return reply.code(404).send({ error: 'User not found' });
9        }
10
11        // Verify the registration response
12        const verification = await verifyRegistrationResponse({
13            credential,
14            expectedChallenge: user.challenge,
15            expectedOrigin: webAuthnConfig.origin,
16            expectedRPID: webAuthnConfig.rpId,
17            authenticator: {
18                credentialID: null,  // This is a new credential, so no ID yet
19                credentialPublicKey: null,  // No public key for a new credential
20                counter: null,  // Counter not set for a new credential
21
22[Read the full article at DEV Community](https://dev.to/johalputt/lessons-phishing-vs-passkeys-a-head-to-head-3k28)
23
24---
25
26**Want to create content about this topic?** [Use Nemati AI tools](https://nemati.ai) to generate articles, social posts, and more.