Apparently on the client, Apple is signing SHA256(SHA256(authData || clientDataHash)). Changing this to a double hash allows the signature to verify correctly.
Topic:
Privacy & Security
SubTopic:
General
Tags: