Avoiding storing ceremony challenge by signing it when sending to client?

[Rick Mann]

I have a WebAuthn question that might be in the weeds a bit. Passkeys have two operations: Registration and Sign In (Authentication). Both a have two steps: Step 1) request a challenge (some random data) from the server, and Step 2) sign it with your private key, and return the challenge and signature to the server.

The server then compares the challenge with the one it generated in Step 1, and verifies the signature. I don’t want to store that generated challenge from Step 1, so I'm thinking this would work:

In Step 1, the server generates the challenge and a short expiry date for it, signs both of those together, and sends them to the client along with the signature.

The client sends back this whole bundle along with its WebAuthn signature, and the server then validates the challenge and the WebAuthn signature.

Is this less secure than storing it on the server? I think it’s just like a JWT, so it should be just as secure, right?

[Adam Langley]

If the server is stateless, then the assertion response could be used multiple times until the challenge expires. Perhaps the challenge expires quickly enough that you don't care, although it can be difficult to be that strict when using conditional UI, where the login form can be outstanding for a long time.

There are many ways to handle challenges, and each may be considered reasonable in certain contexts (esp if the alternative is using passwords). The specs tend to suggest the simple & safe options.

Cheers

AGL