CollectedClientData JSON byte serialization + other changes

hariria commented 10 months ago

Summary

The WebAuthn specification uses a custom serialization format for converting CollectedClientData into json bytes (see §5.8.1.1 of the WebAuthn specification for more information). This is not needed for verification of passkey signatures but is helpful for testing.

CollectedClientData is also a struct that can be extended in the future. This PR added a new field under CollectedClientData called unknown_keys to ensure that new fields would be serialized correctly

Lastly, this PR implements some dependency bumps to ensure passkey-rs is up to date and compatible with other rust projects that may consume it.

Detailed changes

[x] Added json byte serialization for clientDataJSON via to_json_bytes()
[x] Made CollectedClientData extendable in the event that new fields are added in the future, changed field macros to ensure serde would serialize them properly if empty (see §5.8.1.1 of the WebAuthn specification)
[x] Added indexmap to ensure keys preserve order during serialization (unlike BTreeMap)

Test plan

[x] Created tests for extended CollectedClientData struct json byte encoding, using a Secure Payment Confirmation (SPC) payload
[x] Created tests for normal CollectedClientData struct json byte encoding
[x] All tests pass, ran cargo clippy and cargo fmt and cargo test

hariria commented 10 months ago

CC @Progdrasil @mitchchn

hariria commented 9 months ago

Hi @Progdrasil addressed your comments above. Let me know if this looks good to you

hariria commented 9 months ago

@Progdrasil I've gone ahead and made changes to address some of the concerns you brought up, re-ran tests, fmt, and clippy. Please let me know if this looks good to you

hariria commented 9 months ago

@Progdrasil I've gone ahead and addressed the feedback above, removed the client_data_json custom serialization method. I'm still a bit confused on how you want me to create tests for checking byte serialization of CollectedClientData when you also don't want me to include the bytes themselves for validation, but please let me know if my explanation here makes sense https://github.com/1Password/passkey-rs/pull/6#discussion_r1416392151. Would like to wrap this up in the next day or two if possible.

hariria commented 9 months ago

Great thanks. Will there be a semver bump to the crate anytime soon so I can use the latest changes?

Progdrasil commented 9 months ago

Yes! I've just gone through and audited the current version on main in preparation of doing a release. #10

1Password / passkey-rs