search

duo-labs / py_webauthn

Pythonic WebAuthn 🐍
https://duo-labs.github.io/py_webauthn
BSD 3-Clause "New" or "Revised" License
856 stars 171 forks source link

Deviation from Spec?: Transports attribute #149

Closed jjjacksn closed 1 year ago

jjjacksn commented 1 year ago

Thanks for the great project! It's been great to use getting started with WebAuthn in python.

However, I believe I have discovered a deviation from the WebAuthn spec in the struct helpers.

I discovered this while implementing a python backend using py-webauthn and a front end using SimpleWebAuthn.

py_webauthn's RegistrationCredential has a top level transports attribute while SimpleWebAuthn has it at the response.transports key path level in the AuthenticatorAttestationResponseJSON interface.

From my quick reading of the WebAuthn 2.0 spec , it seems that having this data at response.transports is correct.

MasterKale commented 1 year ago

Hello @jjjacksn, thanks for calling this out. Way back when I defined transports in the same place in SimpleWebAuthn (in PublicKeyCredential instead of within response), but I recently moved transports into response as part of updating that library to accommodate the JSON data structures I got into the WebAuthn L3 draft here. Updating py_webauthn accordingly (which will include relocating transports into response too) will happen when I address #143.

MasterKale commented 1 year ago

Closing as a duplicate of #143.

MasterKale commented 1 year ago

@jjjacksn Following up on this, this issue should be addressed with the release just now of v1.8.0:

https://pypi.org/project/webauthn/1.8.0/

Please feel free to follow up if you notice anything off :v: