Skip to content

Support loading offline MDS blobs in MetadataService#752

Open
MasterKale wants to merge 14 commits intomasterfrom
feat/support-offline-metadata-blobs
Open

Support loading offline MDS blobs in MetadataService#752
MasterKale wants to merge 14 commits intomasterfrom
feat/support-offline-metadata-blobs

Conversation

@MasterKale
Copy link
Owner

@MasterKale MasterKale commented Mar 3, 2026
edited
Loading

This PR updates MetadataService with a new mdsBlobs argument in initialize(). This argument accepts an array of MDS blobs that a project may wish to download and load offline, bundle with a worker, etc...

To use it, pass in blobs like so:

const cachedBlob: string = await getCachedBlobFromDisk();
await MetadataService.initialize({
  mdsServers: [],  // Makes sure no blobs are downloaded from the internet
  mdsBlobs: [cachedBlob],
});

The blob JWT will go through typical verification before the metadata statements within are loaded and available with a typical MetadataService.getStatement() and during attestation statement verification in verifyRegistrationResponse().

No effort will be made to refresh any stale MDS blobs passed into mdsBlobs.

Fixes #732.

@MasterKale MasterKale mentioned this pull request Mar 3, 2026
Open
@MasterKale MasterKale added the package:server @simplewebauthn/server label Mar 3, 2026
@MasterKale MasterKale added this to the v13.2.4 milestone Mar 3, 2026
@MasterKale MasterKale mentioned this pull request Mar 3, 2026
Closed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

package:server @simplewebauthn/server

Projects

None yet

Milestone

v13.3.0

Development

Successfully merging this pull request may close these issues.

Expose MDS download or statement cache

1 participant

@MasterKale