search

web-auth / webauthn-framework

FIDO-U2F / FIDO2 / Webauthn Framework
MIT License
423 stars 54 forks source link

Set default algorithms for pubKeyCredParams #646

Closed Jampire closed 2 months ago

Jampire commented 2 months ago

Target branch:

PublicKeyCredentialCreationOptions can be created with an empty pubKeyCredParams array by default. However, some of the authenticators (like NordPass) don't support this. They are crashed when no algorithms are provided for registration options. Other authenticators (like 1Password) use ES256 (-7) by default on their side in such case.

@simplewebauthn/server sets [-8, -7, -257] algorithms by default. The same is done by W3C Webauthn specification.

This PR suggests to do the same.

Also, there is incorrect information in the documentation:

An empty list corresponds to the default algorithms that are ES256 and RS256 (in this order).

It's not true right now: an empty array is sent to the authenticator.

Spomky commented 2 months ago

Related to https://github.com/w3c/webauthn/issues/1757

Spomky commented 2 months ago

@mergify rebase

mergify[bot] commented 2 months ago

rebase

☑️ Nothing to do

- [ ] any of: - [ ] `#commits-behind>0` [📌 rebase requirement] - [ ] `#commits>1` [📌 rebase requirement] - [ ] `-linear-history` [📌 rebase requirement] - [X] `-closed` [📌 rebase requirement] - [X] `-conflict` [📌 rebase requirement] - [X] `queue-position=-1` [📌 rebase requirement]
Spomky commented 2 months ago

@mergify rebase

mergify[bot] commented 2 months ago

rebase

✅ Branch has been successfully rebased

Spomky commented 2 months ago

@mergify rebase

mergify[bot] commented 2 months ago

rebase

❌ Base branch update has failed

Git reported the following error: ``` warning: skipped previously applied commit 6e0a4e9 warning: skipped previously applied commit d17d55f warning: skipped previously applied commit f4ad425 warning: skipped previously applied commit 9983749 warning: skipped previously applied commit 4a09fd8 hint: use --reapply-cherry-picks to include skipped commits hint: Disable this message with "git config advice.skippedCherryPicks false" Rebasing (1/2) The previous cherry-pick is now empty, possibly due to conflict resolution. If you wish to commit it anyway, use: git commit --allow-empty Otherwise, please use 'git rebase --skip' interactive rebase in progress; onto 99f3d12 Last command done (1 command done): pick e566266 Update matthiasnoback/symfony-dependency-injection-test requirement || ^6.0 Next command to do (1 remaining command): pick 72a7b7c Set default algorithms for pubKeyCredParams (use "git rebase --edit-todo" to view and edit) You are currently rebasing branch 'default_algorithms' on '99f3d12'. (all conflicts fixed: run "git rebase --continue") nothing to commit, working tree clean Could not apply e566266... Update matthiasnoback/symfony-dependency-injection-test requirement || ^6.0 ```
Spomky commented 2 months ago

Hi,

I tried to rebase it and merge into 5.0.x, but it looks like I do not have the permissions. I created #647 that is exactly the same.