Skip to content

Invalid type of AuthenticationExtensionsClientOutputs.CredProps #415

New issue
New issue
Closed
Closed
Invalid type of AuthenticationExtensionsClientOutputs.CredProps#415
@geel9

Description

@geel9
geel9
opened on Aug 1, 2023

Problem

The type AuthenticationExtensionsClientOutputs does not match the spec's definition.

Specifically, in fido2-net-lib, the property CredProps on AuthenticationExtensionsClientOutputs is defined as bool, but the spec defines the type as CredentialPropertiesOutput.

fido2-net-lib

public class AuthenticationExtensionsClientOutputs
{
...
    /// <summary>
    /// This client registration extension facilitates reporting certain credential properties known by the client to the requesting WebAuthn Relying Party upon creation of a public key credential source as a result of a registration ceremony.
    /// </summary>
    [JsonPropertyName("credProps")]
    [JsonIgnore(Condition = JsonIgnoreCondition.WhenWritingNull)]
    public bool? CredProps { get; set; }
...
}

WebAuthN Spec

dictionary CredentialPropertiesOutput {
    boolean rk;
};

partial dictionary AuthenticationExtensionsClientOutputs {
    CredentialPropertiesOutput credProps;
};

Solution

A new type, AuthenticationExtensionsCredentialPropertiesOutputs (or, if the code standard is to explicitly match the spec's type names, it should be named CredentialPropertiesOutput) should be defined:

public sealed class AuthenticationExtensionsCredentialPropertiesOutputs
{
    [JsonPropertyName("rk")]
    [JsonIgnore(Condition = JsonIgnoreCondition.WhenWritingNull)]
    public bool? ResidentKey { get; set; }
}

And the type of CredProps in AuthenticationExtensionsClientOutputs should be changed to AuthenticationExtensionsCredentialPropertiesOutputs:

public class AuthenticationExtensionsClientOutputs
{
...
    /// <summary>
    /// This client registration extension facilitates reporting certain credential properties known by the client to the requesting WebAuthn Relying Party upon creation of a public key credential source as a result of a registration ceremony.
    /// </summary>
    [JsonPropertyName("credProps")]
    [JsonIgnore(Condition = JsonIgnoreCondition.WhenWritingNull)]
    public AuthenticationExtensionsCredentialPropertiesOutputs? CredProps { get; set; }
...
}

Metadata

Metadata

Assignees

No one assigned

    Labels

    No labels
    No labels

    Type

    No type

    Projects

    No projects

    Milestone

    No milestone

    Relationships

    None yet

    Development

    No branches or pull requests

    Issue actions