Closed tcannonfodder closed 1 year ago
As part of the discussion for devise-passkeys, it became clear that Warden::WebAuthn::StrategyHelpers was being included in places that extend beyond its intended purpose. (see: https://github.com/ruby-passkeys/devise-passkeys/pull/25#issuecomment-1605239266)
devise-passkeys
Warden::WebAuthn::StrategyHelpers
A major cause of that was the relying_party_key method, which devise-passkeys was using to add the relying party to the request ENV.
relying_party_key
There is a PR in warden-webauthn to add the Warden::WebAuthn::RackHelpers module: https://github.com/ruby-passkeys/warden-webauthn/pull/5
warden-webauthn
Warden::WebAuthn::RackHelpers
In addition, we also need to clean up the use of parsed_credential inside the controller concerns to handle when there is a JSON parsing error.
parsed_credential
As part of the discussion for
devise-passkeys, it became clear thatWarden::WebAuthn::StrategyHelperswas being included in places that extend beyond its intended purpose. (see: https://github.com/ruby-passkeys/devise-passkeys/pull/25#issuecomment-1605239266)A major cause of that was the
relying_party_keymethod, whichdevise-passkeyswas using to add the relying party to the request ENV.There is a PR in
warden-webauthnto add theWarden::WebAuthn::RackHelpersmodule: https://github.com/ruby-passkeys/warden-webauthn/pull/5In addition, we also need to clean up the use of
parsed_credentialinside the controller concerns to handle when there is a JSON parsing error.