Decode the raw response from navigator.credentials.create() (registration) or navigator.credentials.get() (authentication). Parses clientDataJSON, the CBOR-encoded attestationObject, authenticatorData flags, AAGUID, credential ID, and the COSE-encoded public key — everything you need to debug a FIDO2 / passkey flow before writing the server-side verifier.
response. Individual fields (clientDataJSON, attestationObject, authenticatorData) can also be pasted on their own below.attestationObject — CBOR with three fields: fmt (statement format), attStmt (signature over authData + clientDataHash), and authData (rpIdHash + flags + signCount + attested credential + extensions).authenticatorData + signature separately. The signature covers authData ‖ SHA-256(clientDataJSON) and is verified with the credential's public key (stored at registration).kty=2, alg=-7 (ES256), crv=1 (P-256), x/y coordinates. RSA uses kty=3, alg=-257 (RS256), n/e. OKP (Ed25519) uses kty=1, alg=-8.UP (user present), UV (user verified — PIN/biometric), BE (backup eligible — passkey/synced), BS (backup state — currently synced), AT (attested credential present), ED (extensions present).