glatzert
commented
3 weeks ago I followed the Fido2ResponseBase.Status and currently there's only one line of demo code, where the Property takes another value than "Ok" - I think the property is most misleading as such.
Same goes for the errorMessage - it's always empty.
Fido2ResponseBase seems not to be used in any meaningful way and should as such be removed.
abergs
The function https://github.com/passwordless-lib/fido2-net-lib/blob/9ad038b43aa0c37d993cdfd662c03e8d5a08419c/Src/Fido2/IFido2.cs#L16
IFido2.MakeAssertionAsync()returns an instance ofVerifyAssertionResult. This leads to questions and some confusion about how to use it:1) The return type contains an status and an errorMessage, that is used in the samples like here https://github.com/passwordless-lib/fido2-net-lib/blob/9ad038b43aa0c37d993cdfd662c03e8d5a08419c/BlazorWasmDemo/Server/Controllers/UserController.cs#L284, but will never be anything else then
{ status = "ok" }anderrorMessage = nulldespite the sample indicating otherwise.MakeAssertionAsync()will always throw on error, which is okay, but should be clearly communicated. 2) theVerifyAssertionResult.Statusproperty is of type string and is neither populated by an enum nor by an constant, so if that property is relevant, the caller needs to read the code to understand the possible values.I propose:
VerifyAssertionResulttoFido2ResponseBasesince that brings in the two problematic fields.VerifyAssertionResultindicating successful verification and thus remove all throws and replace it with returnVerifiyAssertionResult.Error(string reason)setting that bool to false (or an enum indicating success and failure to make it clearly distinguishable).If you'd accept the Idea, I'd implement it and provide a PR.