webauthn-rs

Last call for changes!

Open Firstyear opened this issue 2 years ago • 10 comments

Last call for ideas! I want to do the next release soon and stop changing the API so much, so now is your time to give constructive feedback! From my side I will commit a FIDO metadata service library and parser first before I do the release. Currently I'm thinking to do the next release on the 16th of August.

@agrinman @benwis @devsnek @yaleman @ericmarkmartin

Firstyear avatar Aug 09 '22 03:08 Firstyear

All good here. Only thing that comes to mind was my suggestion about changing the finish methods to return the mutated credential, but that's not really needed.

devsnek avatar Aug 09 '22 03:08 devsnek

For our use case, I think we're solid. We're not doing anything fancy though. I'll be sure to post if I come up with anything in testing over the next few days.

benwis avatar Aug 09 '22 03:08 benwis

> All good here. Only thing that comes to mind was my suggestion about changing the finish methods to return the mutated credential, but that's not really needed.

I did look into it, and the reason I chose not to implement it is:

  • Most passkeys will never actually need updating because they lack an internal counter
  • Passkeys already assume the backup state bit is true WRT security, so even if this flag changed, it doesn't impact anything
  • It can be simulated with `needs_update` + `credential_id` to find then pre-clone the credential before you apply the update

Firstyear avatar Aug 09 '22 04:08 Firstyear
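The workaround in the last bullet above, sketched as an added example (not code from this thread or from webauthn-rs): look the credential up by id, clone it before applying the update, and hand back both copies. `StoredCredential`, `AuthOutcome` and `apply_update` are hypothetical stand-ins for the application's own storage and the library's result type.

```rust
// Stand-in types: assumptions for this example, not the webauthn-rs definitions.
#[derive(Clone, Debug, PartialEq)]
pub struct StoredCredential {
    pub cred_id: Vec<u8>,
    pub counter: u32,
    pub backup_state: bool,
}

/// What a finished authentication reports back to the caller.
pub struct AuthOutcome {
    pub cred_id: Vec<u8>,
    pub needs_update: bool,
    pub counter: u32,
    pub backup_state: bool,
}

/// Find the credential by id, clone it before applying the update, and
/// return (before, after) so the caller can persist or audit the change.
/// Returns None when nothing needs updating or the id is unknown.
pub fn apply_update(
    store: &mut [StoredCredential],
    outcome: &AuthOutcome,
) -> Option<(StoredCredential, StoredCredential)> {
    if !outcome.needs_update {
        return None; // the common case for passkeys without an internal counter
    }
    let cred = store.iter_mut().find(|c| c.cred_id == outcome.cred_id)?;
    let before = cred.clone(); // pre-clone, then mutate in place
    cred.counter = outcome.counter;
    cred.backup_state = outcome.backup_state;
    Some((before, cred.clone()))
}

fn main() {
    // Constructed sample data.
    let mut store = vec![
        StoredCredential { cred_id: vec![1, 2, 3], counter: 0, backup_state: true },
        StoredCredential { cred_id: vec![9, 9, 9], counter: 4, backup_state: false },
    ];
    let outcome = AuthOutcome {
        cred_id: vec![9, 9, 9], needs_update: true, counter: 5, backup_state: false,
    };
    if let Some((before, after)) = apply_update(&mut store, &outcome) {
        println!("counter {} -> {}", before.counter, after.counter);
    }
}
```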

If we're trying to stabilize a bit here, should we think about pulling the ephemeral module?

ericmarkmartin avatar Aug 09 '22 12:08 ericmarkmartin

@ericmarkmartin It's already been removed :) the whole interface has a huge set of changes.

Firstyear avatar Aug 10 '22 00:08 Firstyear

> Last call for ideas! I want to do the next release soon and stop changing the API so much, so now is your time to give constructive feedback! From my side I will commit a FIDO metadata service library and parser first before I do the release. Currently I'm thinking to do the next release on the 16th of August.
>
> @agrinman @benwis @devsnek @yaleman @ericmarkmartin

Any chance you'd want to tackle ECC key usage in the TPM attestation type? The only thing that really changes much is the unique part of pubArea.

aseigler avatar Aug 10 '22 01:08 aseigler

@aseigler I don't have any samples sadly, so I can't really validate or confirm it works. But it also isn't API breaking to add that later.

Firstyear avatar Aug 10 '22 02:08 Firstyear

> @aseigler I don't have any samples sadly, so I can't really validate or confirm it works. But it also isn't API breaking to add that later.

I can help with samples and validation. True, it won't break the API.

aseigler avatar Aug 10 '22 02:08 aseigler

@aseigler If you put it through the compat test https://webauthn.firstyear.id.au/compat_test and submit the json in a report, we can implement it :)

Firstyear avatar Aug 10 '22 02:08 Firstyear

~~Will do tomorrow morning~~ Done!

aseigler avatar Aug 10 '22 02:08 aseigler

Thanks everyone! I've just published 4.3 (because of some earlier version hiccups). Thank you all for your support, ideas and contributions! Happy-authenticating!

Firstyear avatar Aug 17 '22 00:08 Firstyear