Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Check key type for makeCredential #28

Closed
robin-nitrokey opened this issue Jul 5, 2023 · 0 comments · Fixed by #29
Closed

Check key type for makeCredential #28

robin-nitrokey opened this issue Jul 5, 2023 · 0 comments · Fixed by #29

Comments

@robin-nitrokey
Copy link
Member

The key_type field of the PublicKeyCredentialParameters must be checked:

The value SHOULD be a member of PublicKeyCredentialType but client platforms MUST ignore unknown values, ignoring any PublicKeyCredentialParameters with an unknown type.

https://www.w3.org/TR/webauthn/#dictionary-credential-params

Currently we accept all values.
@robin-nitrokey robin-nitrokey mentioned this issue Jul 5, 2023
Closed
12 tasks
robin-nitrokey added a commit to robin-nitrokey/fido-authenticator that referenced this issue Jul 5, 2023
@robin-nitrokey
Ignore key parameters with unsupported type
2dfefb3 
As required by the Webauthn spec, we now ignore public key credential
parameters with a type other than "public-key".

Fixes: trussed-dev#28
This was referenced Jul 5, 2023
Merged
Closed
robin-nitrokey added a commit to robin-nitrokey/fido-authenticator that referenced this issue Jul 10, 2023
@robin-nitrokey
Ignore key parameters with unsupported type
9132647 
As required by the Webauthn spec, we now ignore public key credential
parameters with a type other than "public-key".

Fixes: trussed-dev#28
nickray pushed a commit to robin-nitrokey/fido-authenticator that referenced this issue Sep 13, 2023
@robin-nitrokey @nickray
Ignore key parameters with unsupported type
6637273 
As required by the Webauthn spec, we now ignore public key credential
parameters with a type other than "public-key".

Fixes: trussed-dev#28
nickray pushed a commit that referenced this issue Sep 13, 2023
@robin-nitrokey @nickray
Ignore key parameters with unsupported type
8fed081 
As required by the Webauthn spec, we now ignore public key credential
parameters with a type other than "public-key".

Fixes: #28
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging a pull request may close this issue.

Ignore key parameters with unsupported type robin-nitrokey/fido-authenticator
1 participant
@robin-nitrokey