Closed sbweeden closed 2 years ago
Hey Shane.
We do not use server specs anymore, as TWG decided to remove the reference API from the server spec.
Official conformance API is here: https://github.com/fido-alliance/conformance-test-tools-resources/blob/master/docs/FIDO2/Server/Conformance-Test-API.md
Re issues: That seems to be just a typo that no one noticed
Re typos: They are not present in the conformance API definition anymore
FIRST PRE CHECK
What protocol are you implementing?
NOTE: UAF 1.0 certification have been officially sunset. U2F 1.2 only supported version of U2F.
What is your implementation class?
If you are platform authenticator vendor, please email conformance-tools@fidoalliance.org
What is the version of the tool are you using?
Server front-end index.html
What is the OS and the version are you running?
Irrelevant
Issue description
The server front-end index.html does not conform to any normative server specification.
The "last known" version of a server specification I could find is here
This is very out of date, and the server front-end example index.html doesn't adhere to it either. If interoperability servers are going to be asked to expose this front-end, then the expected HTTP payload interfaces need to be specified.
Specific examples of non-compliant request payloads include:
Example 1: In /assertion/options an example request is:
The displayName field is not part of any specification for /assertion/options and should not be included.
Example 2: In /assertion/result an example request is:
The authenticatorAttachment field is new to L3 of WebAuthn and not currently part of the server specification for /assertion/result.
Example 3: In /attestation/response an example body is:
The following included elements of that response are not part of any specification: