Merge branch 'release-2.5'

Author: emlun

.github/workflows/release-verify-signatures.yml

@@ -39,7 +39,7 @@ jobs:
 
     strategy:
       matrix:
-        java: ["17.0.7"]
+        java: ["17.0.10"]
         distribution: [temurin, zulu, microsoft]
 
     steps:

NEWS

@@ -53,6 +53,13 @@ New features:
     version increase.
 
 
+== Version 2.5.2 (unreleased) ==
+
+Fixes:
+
+* Allow unknown properties in `credProps` client extension output.
+
+
 == Version 2.5.1 ==
 
 Changes:

webauthn-server-core/src/main/java/com/yubico/webauthn/data/ExtensionOutputs.java

@@ -4,7 +4,15 @@
 import java.util.Set;
 
 public interface ExtensionOutputs {
-  /** Returns a {@link Set} of the extension IDs for which an extension output is present. */
+  /**
+   * Returns a {@link Set} of recognized extension IDs for which an extension output is present.
+   *
+   * <p>This only includes extension identifiers recognized by the java-webauthn-server library.
+   * Recognized extensions can be found as the properties of {@link
+   * ClientRegistrationExtensionOutputs} for registration ceremonies, and {@link
+   * ClientAssertionExtensionOutputs} for authentication ceremonies. Unknown extension identifiers
+   * are silently ignored.
+   */
   @JsonIgnore
   Set<String> getExtensionIds();
 }

webauthn-server-core/src/main/java/com/yubico/webauthn/data/Extensions.java

@@ -1,6 +1,7 @@
 package com.yubico.webauthn.data;
 
 import com.fasterxml.jackson.annotation.JsonCreator;
+import com.fasterxml.jackson.annotation.JsonIgnoreProperties;
 import com.fasterxml.jackson.annotation.JsonProperty;
 import com.fasterxml.jackson.annotation.JsonValue;
 import com.upokecenter.cbor.CBORObject;
@@ -65,6 +66,7 @@ public static class CredentialProperties {
      */
     @Value
     @Builder
+    @JsonIgnoreProperties(ignoreUnknown = true)
     public static class CredentialPropertiesOutput {
       @JsonProperty("rk")
       private final Boolean rk;

webauthn-server-core/src/test/scala/com/yubico/webauthn/RelyingPartyRegistrationSpec.scala

@@ -263,12 +263,21 @@ class RelyingPartyRegistrationSpec
                 },
                 "clientExtensionResults": {
                   "appidExclude": true,
-                  "org.example.foo": "bar"
+                  "org.example.foo": "bar",
+                  "credProps": {
+                    "rk": false,
+                    "authenticatorDisplayName": "My passkey",
+                    "unknownProperty": ["unknown-value"]
+                  }
                 }
               }""")
             pkc.getClientExtensionResults.getExtensionIds should contain(
               "appidExclude"
             )
+            pkc.getClientExtensionResults.getExtensionIds should contain(
+              "credProps"
+            )
+            pkc.getClientExtensionResults.getExtensionIds should not contain ("org.example.foo")
           }
         }