Map authenticator transports on server side (#453)

joegoldman2 · abergs · web-flow · commit 5e5f28980e50 · 2023-12-22T15:25:31.000+01:00
* Remove transports field as it is not mapped on server side

* Map transports

---------

Co-authored-by: Anders Åberg &lt;anders@andersaberg.com&gt;
diff --git a/Demo/wwwroot/js/custom.register.js b/Demo/wwwroot/js/custom.register.js
@@ -126,7 +126,7 @@ async function registerNewCredential(newCredential) {
         response: {
             AttestationObject: coerceToBase64Url(attestationObject),
             clientDataJSON: coerceToBase64Url(clientDataJSON),
-            transports: newCredential.response.getTransports(),
+            transports: newCredential.response.getTransports()
         },
     };
 
diff --git a/Demo/wwwroot/js/mfa.register.js b/Demo/wwwroot/js/mfa.register.js
@@ -130,7 +130,8 @@ async function registerNewCredential(newCredential) {
         extensions: newCredential.getClientExtensionResults(),
         response: {
             AttestationObject: coerceToBase64Url(attestationObject),
-            clientDataJSON: coerceToBase64Url(clientDataJSON)
+            clientDataJSON: coerceToBase64Url(clientDataJSON),
+            transports: newCredential.response.getTransports()
         }
     };
 
diff --git a/Demo/wwwroot/js/passwordless.register.js b/Demo/wwwroot/js/passwordless.register.js
@@ -127,7 +127,8 @@ async function registerNewCredential(newCredential) {
         extensions: newCredential.getClientExtensionResults(),
         response: {
             AttestationObject: coerceToBase64Url(attestationObject),
-            clientDataJSON: coerceToBase64Url(clientDataJSON)
+            clientDataJSON: coerceToBase64Url(clientDataJSON),
+            transports: newCredential.response.getTransports()
         }
     };
 
diff --git a/Demo/wwwroot/js/usernameless.register.js b/Demo/wwwroot/js/usernameless.register.js
@@ -128,7 +128,8 @@ async function registerNewCredential(newCredential) {
         extensions: newCredential.getClientExtensionResults(),
         response: {
             attestationObject: coerceToBase64Url(attestationObject),
-            clientDataJSON: coerceToBase64Url(clientDataJSON)
+            clientDataJSON: coerceToBase64Url(clientDataJSON),
+            transports: newCredential.response.getTransports()
         }
     };
 
diff --git a/Src/Fido2.BlazorWebAssembly/wwwroot/js/WebAuthn.ts b/Src/Fido2.BlazorWebAssembly/wwwroot/js/WebAuthn.ts
@@ -33,7 +33,7 @@ export async function createCreds(options: PublicKeyCredentialCreationOptions) {
         response: {
             attestationObject: toBase64Url(response.attestationObject),
             clientDataJSON: toBase64Url(response.clientDataJSON),
-            transports: response.getTransports ? response.getTransports() : [],
+            transports: response.getTransports ? response.getTransports() : []
         }
     };
     return retval;
diff --git a/Src/Fido2.Models/AuthenticatorAttestationRawResponse.cs b/Src/Fido2.Models/AuthenticatorAttestationRawResponse.cs
@@ -32,5 +32,8 @@ public sealed class AttestationResponse
         [JsonConverter(typeof(Base64UrlConverter))]
         [JsonPropertyName("clientDataJSON")]
         public byte[] ClientDataJson { get; set; }
+
+        [JsonPropertyName("transports")]
+        public AuthenticatorTransport[] Transports { get; set; }
     }
 }
diff --git a/Src/Fido2/AuthenticatorAttestationResponse.cs b/Src/Fido2/AuthenticatorAttestationResponse.cs
@@ -190,7 +190,7 @@ public async Task<RegisteredPublicKeyCredential> VerifyAsync(
             Id = authData.AttestedCredentialData.CredentialId,
             PublicKey = authData.AttestedCredentialData.CredentialPublicKey.GetBytes(),
             SignCount = authData.SignCount,
-            // Transports = result of response.getTransports();
+            Transports = Raw.Response.Transports,
             IsBackupEligible = authData.IsBackupEligible,
             IsBackedUp = authData.IsBackedUp,
             AttestationObject = Raw.Response.AttestationObject,
diff --git a/Test/Attestation/AndroidKey.cs b/Test/Attestation/AndroidKey.cs
@@ -76,6 +76,7 @@ public async Task TestAndroidKey()
         Assert.Equal("Test User", res.Result.User.DisplayName);
         Assert.Equal("testuser"u8.ToArray(), res.Result.User.Id);
         Assert.Equal("testuser", res.Result.User.Name);
+        Assert.Equal(new[] { AuthenticatorTransport.Internal }, res.Result.Transports);
     }
 
     [Fact]
diff --git a/Test/Attestation/AndroidSafetyNet.cs b/Test/Attestation/AndroidSafetyNet.cs
@@ -113,6 +113,7 @@ public async Task TestAndroidSafetyNet()
         Assert.Equal("Test User", res.Result.User.DisplayName);
         Assert.Equal("testuser"u8.ToArray(), res.Result.User.Id);
         Assert.Equal("testuser", res.Result.User.Name);
+        Assert.Equal(new[] { AuthenticatorTransport.Internal }, res.Result.Transports);
     }
 
     [Fact]
diff --git a/Test/Attestation/FidoU2f.cs b/Test/Attestation/FidoU2f.cs
@@ -68,6 +68,7 @@ public async Task TestU2f()
         Assert.Equal("Test User", res.Result.User.DisplayName);
         Assert.Equal("testuser"u8.ToArray(), res.Result.User.Id);
         Assert.Equal("testuser", res.Result.User.Name);
+        Assert.Equal(new[] { AuthenticatorTransport.Internal }, res.Result.Transports);
     }
 
     [Fact]
diff --git a/Test/Attestation/Packed.cs b/Test/Attestation/Packed.cs
@@ -48,6 +48,7 @@ public async Task TestSelf()
             Assert.Equal("testuser"u8.ToArray(), res.Result.User.Id);
             Assert.Equal("testuser", res.Result.User.Name);
             _attestationObject = new CborMap { { "fmt", "packed" } };
+            Assert.Equal(new[] { AuthenticatorTransport.Internal }, res.Result.Transports);
         }
     }
 
diff --git a/Test/Attestation/Tpm.cs b/Test/Attestation/Tpm.cs
@@ -305,6 +305,7 @@ public async Task TestTPM()
             Assert.Equal("testuser"u8.ToArray(), res.Result.User.Id);
             Assert.Equal("testuser", res.Result.User.Name);
             _attestationObject = new CborMap { { "fmt", "tpm" } };
+            Assert.Equal(new[] { AuthenticatorTransport.Internal }, res.Result.Transports);
         }
     }
 
@@ -422,6 +423,7 @@ public async Task TestTPMAikCertSANTCGConformant()
         Assert.Equal("Test User", res.Result.User.DisplayName);
         Assert.Equal("testuser"u8.ToArray(), res.Result.User.Id);
         Assert.Equal("testuser", res.Result.User.Name);
+        Assert.Equal(new[] { AuthenticatorTransport.Internal }, res.Result.Transports);
     }
 
     [Fact]
@@ -5060,6 +5062,7 @@ public async Task TestTPMAikCertMisingAAGUID()
         Assert.Equal("Test User", res.Result.User.DisplayName);
         Assert.Equal("testuser"u8.ToArray(), res.Result.User.Id);
         Assert.Equal("testuser", res.Result.User.Name);
+        Assert.Equal(new[] { AuthenticatorTransport.Internal }, res.Result.Transports);
     }
 
     [Fact]
diff --git a/Test/Fido2Tests.cs b/Test/Fido2Tests.cs
@@ -163,6 +163,7 @@ public async Task<MakeNewCredentialResult> MakeAttestationResponseAsync()
                 {
                     AttestationObject = _attestationObject.Encode(),
                     ClientDataJson = _clientDataJson,
+                    Transports = new[] { AuthenticatorTransport.Internal }
                 },
                 Extensions = new AuthenticationExtensionsClientOutputs()
                 {

Original file line number	Diff line number	Diff line change
`@@ -130,7 +130,8 @@ async function registerNewCredential(newCredential) {`
`130`	`130`	`extensions: newCredential.getClientExtensionResults(),`
`131`	`131`	`response: {`
`132`	`132`	`AttestationObject: coerceToBase64Url(attestationObject),`
`133`		`- clientDataJSON: coerceToBase64Url(clientDataJSON)`
	`133`	`+ clientDataJSON: coerceToBase64Url(clientDataJSON),`
	`134`	`+ transports: newCredential.response.getTransports()`
`134`	`135`	`}`
`135`	`136`	`};`
`136`	`137`
Original file line number	Diff line number	Diff line change
`@@ -127,7 +127,8 @@ async function registerNewCredential(newCredential) {`
`127`	`127`	`extensions: newCredential.getClientExtensionResults(),`
`128`	`128`	`response: {`
`129`	`129`	`AttestationObject: coerceToBase64Url(attestationObject),`
`130`		`- clientDataJSON: coerceToBase64Url(clientDataJSON)`
	`130`	`+ clientDataJSON: coerceToBase64Url(clientDataJSON),`
	`131`	`+ transports: newCredential.response.getTransports()`
`131`	`132`	`}`
`132`	`133`	`};`
`133`	`134`
Original file line number	Diff line number	Diff line change
`@@ -128,7 +128,8 @@ async function registerNewCredential(newCredential) {`
`128`	`128`	`extensions: newCredential.getClientExtensionResults(),`
`129`	`129`	`response: {`
`130`	`130`	`attestationObject: coerceToBase64Url(attestationObject),`
`131`		`- clientDataJSON: coerceToBase64Url(clientDataJSON)`
	`131`	`+ clientDataJSON: coerceToBase64Url(clientDataJSON),`
	`132`	`+ transports: newCredential.response.getTransports()`
`132`	`133`	`}`
`133`	`134`	`};`
`134`	`135`
Original file line number	Diff line number	Diff line change
`@@ -33,7 +33,7 @@ export async function createCreds(options: PublicKeyCredentialCreationOptions) {`
`33`	`33`	`response: {`
`34`	`34`	`attestationObject: toBase64Url(response.attestationObject),`
`35`	`35`	`clientDataJSON: toBase64Url(response.clientDataJSON),`
`36`		`- transports: response.getTransports ? response.getTransports() : [],`
	`36`	`+ transports: response.getTransports ? response.getTransports() : []`
`37`	`37`	`}`
`38`	`38`	`};`
`39`	`39`	`return retval;`
Original file line number	Diff line number	Diff line change
`@@ -32,5 +32,8 @@ public sealed class AttestationResponse`
`32`	`32`	`[JsonConverter(typeof(Base64UrlConverter))]`
`33`	`33`	`[JsonPropertyName("clientDataJSON")]`
`34`	`34`	`public byte[] ClientDataJson { get; set; }`
	`35`	`+`
	`36`	`+ [JsonPropertyName("transports")]`
	`37`	`+ public AuthenticatorTransport[] Transports { get; set; }`
`35`	`38`	`}`
`36`	`39`	`}`
Original file line number	Diff line number	Diff line change
`@@ -76,6 +76,7 @@ public async Task TestAndroidKey()`
`76`	`76`	`Assert.Equal("Test User", res.Result.User.DisplayName);`
`77`	`77`	`Assert.Equal("testuser"u8.ToArray(), res.Result.User.Id);`
`78`	`78`	`Assert.Equal("testuser", res.Result.User.Name);`
	`79`	`+ Assert.Equal(new[] { AuthenticatorTransport.Internal }, res.Result.Transports);`
`79`	`80`	`}`
`80`	`81`
`81`	`82`	`[Fact]`
Original file line number	Diff line number	Diff line change
`@@ -113,6 +113,7 @@ public async Task TestAndroidSafetyNet()`
`113`	`113`	`Assert.Equal("Test User", res.Result.User.DisplayName);`
`114`	`114`	`Assert.Equal("testuser"u8.ToArray(), res.Result.User.Id);`
`115`	`115`	`Assert.Equal("testuser", res.Result.User.Name);`
	`116`	`+ Assert.Equal(new[] { AuthenticatorTransport.Internal }, res.Result.Transports);`
`116`	`117`	`}`
`117`	`118`
`118`	`119`	`[Fact]`
Original file line number	Diff line number	Diff line change
`@@ -68,6 +68,7 @@ public async Task TestU2f()`
`68`	`68`	`Assert.Equal("Test User", res.Result.User.DisplayName);`
`69`	`69`	`Assert.Equal("testuser"u8.ToArray(), res.Result.User.Id);`
`70`	`70`	`Assert.Equal("testuser", res.Result.User.Name);`
	`71`	`+ Assert.Equal(new[] { AuthenticatorTransport.Internal }, res.Result.Transports);`
`71`	`72`	`}`
`72`	`73`
`73`	`74`	`[Fact]`