search

duo-labs / py_webauthn

Pythonic WebAuthn 🐍
https://duo-labs.github.io/py_webauthn
BSD 3-Clause "New" or "Revised" License
856 stars 171 forks source link

(Max) number of bytes in an auto-generated challenge is not documented #188

Closed lgarron closed 9 months ago

lgarron commented 11 months ago

I can't find documentation of the number of bytes (or at least a maximum) at:

Since this is a binary value that must be stored on the server, it would be really useful to know what size to allocate in a DB column.

(I know I can work around this by specifying the challenge, but it would be useful to know how to handle the defaults.)

MasterKale commented 10 months ago

Thanks for raising this @lgarron, if only I had time lately to produce a proper docs site 🥲

Until then I can add a note or something to the README about this specifically.

MasterKale commented 9 months ago

I've merged #198 that communicates more clearly how big challenges will be when it's left up to the library to generate them (it's 64 bytes.)

I'll follow up when this is available in a new release on PyPI.

MasterKale commented 9 months ago

Alright, this change is out in the latest webauthn==2.0.0 on PyPI:

https://github.com/duo-labs/py_webauthn/releases/tag/v2.0.0