python-fido2

`CBOR_UNEXPECTED_TYPE` when using `allowCredentials` in `Fido2Client.get_assertion`

Open mpdn opened this issue 1 year ago • 1 comments

Hi. I seem to be hitting an issue where setting `allowCredentials` causes a `CBOR_UNEXPECTED_TYPE` to be returned. I am using a YubiKey 5C USB.

I am not totally sure whether I am structuring the parameters to the call correctly, but it seems to be translated into an underlying PublicKeyCredentialDescriptor correctly, so it seems odd that this is somehow translated into invalid CBOR.

I can replicate the issue with the following snippet:

```python
import fido2.features
from fido2.hid import CtapHidDevice
from fido2.client import Fido2Client
from fido2.utils import websafe_encode

fido2.features.webauthn_json_mapping.enabled = True

device = next(CtapHidDevice.list_devices())
client = Fido2Client(device, 'https://example.com')
client.get_assertion({
    'challenge': websafe_encode(b'foo'),
    'rpId': 'example.com',
    'allowCredentials': [{
        'type': 'public-key',
        'id': websafe_encode(b'bar')
    }],
})
```

mpdn, Jul 03 '24 09:07

Try disabling the `fido2.features.webauthn_json_mapping.enabled = True` line. `webauthn_json_mapping` changes the encoding method for bytes. `bytes` are serialized into `str` when this feature is enabled, where the device expects `bytes`.

sardok, Aug 09 '24 19:08
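The type mismatch described in the comment above, shown at the CBOR level as an added example (not code from the thread or from python-fido2). It uses a minimal stdlib-only encoder; `cbor_encode`, `id_major_type` and `normalize_descriptor` are hypothetical helpers, and `websafe_encode` here is a local stand-in for `fido2.utils.websafe_encode`.

```python
import base64

def websafe_encode(data: bytes) -> str:
    """URL-safe base64 without padding (local stand-in, see lead-in)."""
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode("ascii")

def websafe_decode(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))

def cbor_head(major: int, n: int) -> bytes:
    """CBOR initial byte(s) for a major type and a length below 2**16."""
    if n < 24:
        return bytes([major << 5 | n])
    if n < 256:
        return bytes([major << 5 | 24, n])
    return bytes([major << 5 | 25]) + n.to_bytes(2, "big")

def cbor_encode(value) -> bytes:
    """Minimal encoder: bytes -> major type 2, str -> 3, list -> 4, dict -> 5."""
    if isinstance(value, bytes):
        return cbor_head(2, len(value)) + value
    if isinstance(value, str):
        raw = value.encode("utf-8")
        return cbor_head(3, len(raw)) + raw
    if isinstance(value, list):
        return cbor_head(4, len(value)) + b"".join(map(cbor_encode, value))
    if isinstance(value, dict):
        # Sort by encoded key so shorter keys come first (canonical order).
        pairs = sorted((cbor_encode(k), cbor_encode(v)) for k, v in value.items())
        return cbor_head(5, len(value)) + b"".join(k + v for k, v in pairs)
    raise TypeError(f"unsupported type: {type(value).__name__}")

def id_major_type(descriptor: dict) -> int:
    """Major type of the encoded 'id' value (top three bits of its first byte)."""
    return cbor_encode(descriptor["id"])[0] >> 5

def normalize_descriptor(descriptor: dict) -> dict:
    """Decode a websafe-base64 str id to bytes; leave a bytes id unchanged."""
    cred_id = descriptor["id"]
    if isinstance(cred_id, str):
        cred_id = websafe_decode(cred_id)
    return {"type": descriptor["type"], "id": cred_id}

# Constructed sample: the descriptor from the snippet in the issue.
json_style = {"type": "public-key", "id": websafe_encode(b"bar")}

if __name__ == "__main__":
    print("str id   -> major type", id_major_type(json_style))
    print("bytes id -> major type", id_major_type(normalize_descriptor(json_style)))
```

CTAP2 defines the credential `id` in a `PublicKeyCredentialDescriptor` as a byte string (major type 2), so an `id` that reaches the authenticator as a text string (major type 3) has the wrong CBOR type.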

This should be fixed in version 1.2. The webauthn_json_mapping feature should not be required to be disabled anymore.

dainnilsson, Dec 03 '24 10:12