Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

[API Consistency] There is no FinishDiscoverableLogin in Webauthn #172

Closed
boris-lenzinger opened this issue Oct 22, 2023 · 4 comments
Closed

[API Consistency] There is no FinishDiscoverableLogin in Webauthn #172

boris-lenzinger opened this issue Oct 22, 2023 · 4 comments
Labels
status/needs-triage Issues that need to be triaged. type/feature-request Feature Requests

Comments

@boris-lenzinger
Copy link
Contributor

Version

0.8.6

Description

While using the code, I wanted to use the discoverable credentials feature. There is a BeginDiscoverableLogin method, a ValidateDiscoverableLogin method but no FinishDiscoverableLogin method.

I was wondering if there is a reason for this. I imagine that the code would be :

// FinishDiscoverableLogin takes the response from the client and validate it against the user handler and stored session data.
func (webauthn *WebAuthn) FinishDiscoverableLogin(handler DiscoverableUserHandler, session SessionData, response *http.Request) (*Credential, error) {
	parsedResponse, err := protocol.ParseCredentialRequestResponse(response)
	if err != nil {
		return nil, err
	}

	return webauthn.ValidateDiscoverableLogin(handler, session, parsedResponse)
}

but I may miss something.

Reproduction

This is related to the API and the available methods.

Expectations

I would expect that a method FinishDiscoverableLogin would be available.

Documentation

No response
@boris-lenzinger boris-lenzinger added status/needs-triage Issues that need to be triaged. type/potential-bug Potential Bugs labels Oct 22, 2023
@james-d-elliott
Copy link
Member

It was simply not considered really as the parsing is relatively low effort. We can just add it if there is desire for it.

@james-d-elliott james-d-elliott added type/feature-request Feature Requests and removed type/potential-bug Potential Bugs labels Oct 22, 2023
@boris-lenzinger
Copy link
Contributor Author

It would be more consistent. On the begin side, we have both BeginLogin and :

// BeginDiscoverableLogin begins a client-side discoverable login, previously known as Resident Key logins.
func (webauthn *WebAuthn) BeginDiscoverableLogin(opts ...LoginOption) (*protocol.CredentialAssertion, *SessionData, error) {
	return webauthn.beginLogin(nil, nil, opts...)
}

and so I expected to have the same on the Finish side. Not a big deal if it is not added. As you said, the code is not that complicated to do. I let others vote on this if they feel there is a need for it.

@james-d-elliott
Copy link
Member

I plan on just doing it since you want it, just not sure when I'll get around to it probably next weekend I'd guess, I'd welcome anyone else doing it too.

boris-lenzinger added a commit to boris-lenzinger/webauthn that referenced this issue Oct 23, 2023
@boris-lenzinger
Implementation of go-webauthn#172
89cc04b 
The required elements were already in the code. Was missing this simple
function to get methods to finish login in both cases (discoverable
credentials or not discoverable).
@boris-lenzinger
Copy link
Contributor Author

I plan on just doing it since you want it, just not sure when I'll get around to it probably next weekend I'd guess, I'd welcome anyone else doing it too.

I've created a pull request (#173) for this.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
status/needs-triage Issues that need to be triaged. type/feature-request Feature Requests
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@james-d-elliott @boris-lenzinger