WIP: Use libwebauthn for JSON response serialization #117
Open
AlfioEmanueleFresta wants to merge 1 commit into libwebauthn-json from
7c84e5d to 41945cd
This commit migrates from custom JSON response serialization to libwebauthn's WebAuthnIDLResponse::to_inner_model() for both create credential (MakeCredential) and get credential (GetAssertion) responses.

Changes:
- Use libwebauthn's to_inner_model() to serialize responses, then modify the result to add transport and authenticator_attachment information that is known at the credential service level
- Remove create_credential_request_try_into_ctap2's client_data_json return value (now extracted from the request by libwebauthn)
- Remove get_credential_request_try_into_ctap2's client_data_json return value
- Update gateway.rs to clone the request for response serialization
- Remove unused modules: cbor.rs, cose.rs, serde/mod.rs
- Simplify webauthn.rs to just re-exports from libwebauthn

This removes ~800 lines of custom serialization code including:
- CreatePublicKeyCredentialResponse and GetPublicKeyCredentialResponse
- AttestationStatement enum and create_attestation_object function
- All the extension output types (CredentialPropertiesOutput, etc.)
- Custom CBOR writer for attestation object serialization
- COSE key type helpers

The response serialization now uses libwebauthn's implementation which:
- Handles attestation object CBOR encoding
- Handles all extension output serialization
- Handles base64url encoding of binary fields
- Produces WebAuthn Level 3 compliant JSON responses
41945cd to 82aefc6
msirringhaus (Collaborator) requested changes, Jan 8, 2026:
Some minor questions
| use tracing::debug; | ||
|
|
||
| use crate::cose::CoseKeyAlgorithmIdentifier; | ||
| //! WebAuthn types re-exported from libwebauthn. |
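Review bot: The new `//!` module doc on the last line only says the types are re-exported from libwebauthn; it should also name which types the rest of the crate is expected to import from this module, so that a libwebauthn upgrade that changes a response type is noticed at this boundary rather than at each call site.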
Collaborator
Do we need this file at all now? Is it used anywhere else except in dbus/model.rs?
| .authenticator_data | ||
| .to_response_bytes() | ||
| .map_err(|err| format!("Failed to parse authenticator data: {err}"))?; | ||
| .to_inner_model(request) |
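Review bot: At `.to_inner_model(request)`, the chain shown above it attached context through `.map_err(|err| format!("Failed to parse authenticator data: {err}"))?`, and the new call shows no equivalent on the visible lines. Keep a `map_err` whose message names the response serialization step, so a failure here can be told apart from a request parsing failure when reading logs.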
Collaborator
Could this function get a different name? to_inner_model() isn't really intuitive from a user-perspective. Same for MakeCredential.
iinuwa requested changes, Jan 18, 2026:
| } | ||
| // Find out where this request is coming from (which application is requesting this) | ||
| let requesting_app = query_connection_peer_binary(header, connection).await; | ||
| let make_cred_request_for_response = make_cred_request.clone(); |
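Review bot: At `let make_cred_request_for_response = make_cred_request.clone();` the response is serialized from a copy taken at this point rather than from the request that is converted to CTAP2, and the commit message says client_data_json is now extracted from the request by libwebauthn. Add a comment stating that the copy must not diverge from the request used for the authenticator call, or pass a borrow of the original so the client data has a single source.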
Member
We're cloning this, and then borrowing and not using it later; can we omit the clone and just borrow the original variable?
| tracing::error!("Could not parse passkey assertion request: {e:?}"); | ||
| WebAuthnError::TypeError | ||
| })?; | ||
| let get_cred_request_for_response = get_cred_request.clone(); |
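Review bot: In `tracing::error!("Could not parse passkey assertion request: {e:?}")`, the Debug form of the parse error is written to the error log; if that error type echoes parts of the request JSON, caller-supplied request fields end up in logs. Prefer `{e}`, or confirm that the error's Debug output carries no request content and say so in a comment next to the log call.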
Member
Same here; can we borrow instead of cloning?
This PR migrates from custom JSON response serialization to libwebauthn's WebAuthnIDLResponse::to_inner_model() for both create credential (MakeCredential) and get credential (GetAssertion) responses.

Stacked on: #116

Changes
- to_inner_model() to serialize responses
- transports and authenticator_attachment (see libwebauthn#159)
- client_data_json from return value (now extracted by libwebauthn)
- to_inner_model())

Behavioral Changes
New fields in response (WebAuthn Level 3 enhancements):
- response.authenticatorData - authenticator data separately encoded
- response.publicKey - public key in COSE format
- response.publicKeyAlgorithm - COSE algorithm identifier
- type - credential type field ("public-key")

TODOs from Deleted Code
The old code had one TODO that should be implemented in libwebauthn:
Created linux-credentials/libwebauthn#161.
Related Issues