Skip to content

Add support for credProtect extension #404

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
merged 3 commits into from
Feb 24, 2025
Merged

Add support for credProtect extension #404

merged 3 commits into from
Feb 24, 2025

Conversation

emlun
Copy link
Member

@emlun emlun commented Feb 13, 2025

@emlun emlun requested a review from fdennis February 13, 2025 13:15
@github-actions GitHub Actions
Copy link

github-actions bot commented Feb 13, 2025
edited
Loading

Test Results

2 251 tests   2 243 ✅  58s ⏱️
   46 suites      8 💤
   46 files        0 ❌

Results for commit 613d34f.

♻️ This comment has been updated with latest results.

@emlun emlun marked this pull request as draft February 18, 2025 17:17
@emlun emlun marked this pull request as ready for review February 24, 2025 13:41
@emlun emlun requested a review from fdennis February 24, 2025 13:41
@emlun emlun merged commit 349ebec into main Feb 24, 2025
20 checks passed
@emlun emlun deleted the credprotect branch February 24, 2025 16:28
@ethantmcgee
Copy link

We did not expect this go from us asking about it on a random Thursday to seeing a PR merged in such a short time. Thank you so much!

@emlun
Copy link
Member Author

emlun commented Apr 30, 2025

@ethantmcgee Sorry for the delay, but this is now available on Maven Central in pre-release 2.7.0-RC1. Please try it out and let us know if it works! This pre-release will be promoted to an official 2.7.0 release on 2025-05-15 if no issues come in before then.

@ethantmcgee
Copy link

@emlun thanks so much for adding this, we were able to put this into the project today and test. It doesn't appear the generated json is correct. When I setup the options that we want via demo.yubico.com it shows that the extensions setup is

"extensions": {
    "credProps": true,
    "credentialProtectionPolicy": "userVerificationRequired",
    "enforceCredentialProtectionPolicy": true
},

which seems to line up with the mozilla documentation.

The webauthn library is instead generating

"extensions": {
    "credProps": true,
    "credProtect": {
        "credentialProtectionPolicy": "userVerificationRequired",
        "enforceCredentialProtectionPolicy": true
    }
}

We are configuring the extensions as follows:

var extensions = RegistrationExtensionInputs.builder()
      .credProps()
      .credProtect(Extensions.CredentialProtection.CredentialProtectionInput.require(UV_REQUIRED));

Please let me know if I've done something incorrectly and thanks again!

@emlun
Copy link
Member Author

emlun commented May 2, 2025

Well that's embarrassing 😆 good catch, thanks!

@emlun emlun mentioned this pull request May 2, 2025
Merged
@emlun
Copy link
Member Author

emlun commented May 2, 2025

This should be fixed in 2.7.0-RC2, available now on Maven Central. Care to test that too?

@ethantmcgee
Copy link

2.7.0-RC2 passes all of our tests. Thanks!

We look forward to the release.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@fdennis fdennis fdennis approved these changes

Assignees
No one assigned
Labels
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
3 participants
@emlun @ethantmcgee @fdennis