search

cedarcode / webauthn-ruby

WebAuthn ruby server library ― Make your Ruby/Rails web server become a conformant WebAuthn Relying Party
https://rubygems.org/gems/webauthn
MIT License
658 stars 55 forks source link

Encapsulate WebAuthn::PublicKey behaviour #284

Closed ssuttner closed 4 years ago

ssuttner commented 4 years ago

WebAuthn has some custom logic to account for backward compatibility on the deserialization of stored public keys in older formats. See this comment.

Up until now, this logic is was not properly encapsulated so that it could be reused from other parts of the gem, or even to be used as a public API.

Motivated by https://github.com/cedarcode/webauthn-ruby/issues/222 and in collaboration with @padulafacundo a new method is now exposed to be able to check that a stored public key abides by the expected formatting. If WebAuthn::PublicKey.deserialize(stored_public_key) succeeds, then a user can be sure the key is valid.

grzuy commented 4 years ago

Will merge after fixup squshing...