Secure Payment Request Verify relies on patched simplewebauthn

[fabiancook]

The verification process for secure payment request matches the standard authentication flow, it should be implemented within simplewebauthn, however this may need to wait till after secure payment request moves to candidate recommendation.

logistics/src/listen/auth/webauthn.ts

Lines 548 to 559 in 2ecc45d

	const {verified, authenticationInfo} = await verifyAuthenticationResponse({
	response: payment.details,
	expectedChallenge,
	expectedOrigin: WEBAUTHN_RP_ORIGIN || origin,
	expectedRPID: WEBAUTHN_RP_ID || hostname,
	authenticator: {
	credentialID: new Uint8Array(toArrayBuffer(found.credentialId, true)),
	credentialPublicKey: new Uint8Array(toArrayBuffer(found.credentialPublicKey, true)),
	transports: found.authenticatorTransports,
	counter: found.credentialCounter ?? 0
	}
	});