That classic “Unexpected token e in JSON at position 0” message sounds like text or HTML is being sent in the payload instead of JSON. But if you inspect the network request you can see that indeed, JSON data is going up? And the Content-Type header is actually application/json?
As far as I can tell, the exact same thing is happening in my dev environment, but I have no such errors - is there anything different happening there?
Right. Just this - I did think it was weird that clientDataJSON is just the bearer token, and isn’t actually JSON. Maybe that’s the issue? Would explain that it’s specifically complaining about token e.
Interesting…what does clientDataJSON look like in local dev, where it does work? No idea why that key would contain different data in development vs. production though!
Hmmmm…that object is created/handled by the simplewebauthn lib that we use, Redwood’s not creating that or messing with the contents at all. Is there a previous request to that, one that retrieves the registration options? The URL will be something like /auth?method=webAuthnRegOptions … what’s the payload/response of that one look like?
Hello, author of SimpleWebAuthn here. @arimendelow linked me here via an issue on the project’s repo. I figured I’d try and contribute here since there’s already an existing conversation.
There’s talk of a broken “production” environment here; is that publicly available? I want to throw in some breakpoints in the browser and see if something looks wonky on that environment.
And I apologize in advance if I ask some “dumb” RedwoodJS questions, I’m flattered the project uses my stuff but I’ve not yet used RedwoodJS myself.
I found it, looks like http://spoonjoy(dot)co (I have to mangle this because I’m a “new user” and can’t post more than two links) is the site? I’ll bet you what we’re dealing with here is a non-HTTPS website trying to use WebAuthn, and the WebAuthn call throws an error because WebAuthn needs to be used in a “Secure Context”: Secure contexts - Web security | MDN
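
The secure-context rule suspected in the last post, as an added example that is not from the thread, SimpleWebAuthn or RedwoodJS: a simplified version of the browser's "potentially trustworthy origin" test, showing why a plain-HTTP dev server on localhost can use WebAuthn while a plain-HTTP public host cannot. The URLs are constructed samples, the dev server being on localhost is an assumption, and `isPotentiallyTrustworthy` and `webauthnBlockers` are hypothetical helper names.

```javascript
// Simplified "potentially trustworthy origin" check (W3C Secure Contexts).
// Assumption: top-level page only; ignores iframes, file: URLs and
// browser-specific overrides.
function isPotentiallyTrustworthy(pageUrl) {
  const { protocol, hostname } = new URL(pageUrl);
  if (protocol === "https:" || protocol === "wss:") return true;
  // Loopback hosts count as secure even over plain HTTP, which is why a
  // local dev server works without a certificate.
  if (hostname === "localhost" || hostname.endsWith(".localhost")) return true;
  if (/^127(\.\d{1,3}){3}$/.test(hostname)) return true;
  if (hostname === "[::1]") return true;
  return false;
}

// Preflight to run before starting a WebAuthn registration in the browser.
// `win` is the global window object; isSecureContext and PublicKeyCredential
// are standard browser properties. Returns a list of reasons, empty when OK.
function webauthnBlockers(win) {
  const blockers = [];
  if (!win.isSecureContext) blockers.push("insecure-context");
  // PublicKeyCredential is only exposed to secure contexts.
  if (typeof win.PublicKeyCredential === "undefined") {
    blockers.push("no-webauthn-api");
  }
  return blockers;
}

// Constructed sample URLs, not taken from the thread.
const samples = [
  "http://localhost:8910/signup", // assumed local dev server
  "http://app.example/signup",    // public host over plain HTTP
  "https://app.example/signup",   // same host behind TLS
];
for (const url of samples) {
  console.log(url, "->", isPotentiallyTrustworthy(url) ? "secure" : "NOT secure");
}
```

In the page itself, call `webauthnBlockers(window)` before the registration ceremony and show a clear error when the list is not empty, instead of letting the failure surface later as an unrelated parse error.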