diff --git a/.github/workflows/release-verify-signatures.yml b/.github/workflows/release-verify-signatures.yml index 80650273c..163f320d2 100644 --- a/.github/workflows/release-verify-signatures.yml +++ b/.github/workflows/release-verify-signatures.yml @@ -39,7 +39,7 @@ jobs: strategy: matrix: - java: ["17.0.7"] + java: ["17.0.10"] distribution: [temurin, zulu, microsoft] steps: diff --git a/NEWS b/NEWS index fe7fa4b53..bc5b96125 100644 --- a/NEWS +++ b/NEWS @@ -53,6 +53,13 @@ New features: version increase. +== Version 2.5.2 (unreleased) == + +Fixes: + +* Allow unknown properties in `credProps` client extension output. + + == Version 2.5.1 == Changes: diff --git a/webauthn-server-core/src/main/java/com/yubico/webauthn/data/ExtensionOutputs.java b/webauthn-server-core/src/main/java/com/yubico/webauthn/data/ExtensionOutputs.java index df76f3aaf..df2a77c84 100644 --- a/webauthn-server-core/src/main/java/com/yubico/webauthn/data/ExtensionOutputs.java +++ b/webauthn-server-core/src/main/java/com/yubico/webauthn/data/ExtensionOutputs.java @@ -4,7 +4,15 @@ import java.util.Set; public interface ExtensionOutputs { - /** Returns a {@link Set} of the extension IDs for which an extension output is present. */ + /** + * Returns a {@link Set} of recognized extension IDs for which an extension output is present. + * + *

This only includes extension identifiers recognized by the java-webauthn-server library. + * Recognized extensions can be found as the properties of {@link + * ClientRegistrationExtensionOutputs} for registration ceremonies, and {@link + * ClientAssertionExtensionOutputs} for authentication ceremonies. Unknown extension identifiers + * are silently ignored. + */ @JsonIgnore Set getExtensionIds(); } diff --git a/webauthn-server-core/src/main/java/com/yubico/webauthn/data/Extensions.java b/webauthn-server-core/src/main/java/com/yubico/webauthn/data/Extensions.java index 8a819367f..d25d0f901 100644 --- a/webauthn-server-core/src/main/java/com/yubico/webauthn/data/Extensions.java +++ b/webauthn-server-core/src/main/java/com/yubico/webauthn/data/Extensions.java @@ -1,6 +1,7 @@ package com.yubico.webauthn.data; import com.fasterxml.jackson.annotation.JsonCreator; +import com.fasterxml.jackson.annotation.JsonIgnoreProperties; import com.fasterxml.jackson.annotation.JsonProperty; import com.fasterxml.jackson.annotation.JsonValue; import com.upokecenter.cbor.CBORObject; @@ -65,6 +66,7 @@ public static class CredentialProperties { */ @Value @Builder + @JsonIgnoreProperties(ignoreUnknown = true) public static class CredentialPropertiesOutput { @JsonProperty("rk") private final Boolean rk; diff --git a/webauthn-server-core/src/test/scala/com/yubico/webauthn/RelyingPartyRegistrationSpec.scala b/webauthn-server-core/src/test/scala/com/yubico/webauthn/RelyingPartyRegistrationSpec.scala index ca42a1019..4f16eb1fd 100644 --- a/webauthn-server-core/src/test/scala/com/yubico/webauthn/RelyingPartyRegistrationSpec.scala +++ b/webauthn-server-core/src/test/scala/com/yubico/webauthn/RelyingPartyRegistrationSpec.scala 
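Review bot: The `@JsonIgnoreProperties(ignoreUnknown = true)` added on `CredentialPropertiesOutput` has no comment explaining why this type tolerates unknown fields, which is worth recording because client extension outputs are supplied by the client. I would add above the annotation: `// Clients may send credProps members from newer spec revisions; ignore them instead of failing to parse the response.` Ignored members are dropped from the parsed object, so callers cannot inspect them afterwards, and the class Javadoc could say so. The other extension output classes in Extensions.java are outside this hunk; if they are still deserialized strictly, an unrecognized member in their output would presumably fail in the same way, so confirm whether they need the same annotation. The class body continues past the end of the hunk.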
@@ -263,12 +263,21 @@ class RelyingPartyRegistrationSpec }, "clientExtensionResults": { "appidExclude": true, - "org.example.foo": "bar" + "org.example.foo": "bar", + "credProps": { + "rk": false, + "authenticatorDisplayName": "My passkey", + "unknownProperty": ["unknown-value"] + } } }""") pkc.getClientExtensionResults.getExtensionIds should contain( "appidExclude" ) + pkc.getClientExtensionResults.getExtensionIds should contain( + "credProps" + ) + pkc.getClientExtensionResults.getExtensionIds should not contain ("org.example.foo") } }
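Review bot: The added assertions only check that `credProps` shows up in `getExtensionIds`; nothing verifies that the recognized `rk` member is still parsed as `false` when it sits beside `authenticatorDisplayName` and `unknownProperty`. A regression that accepted the object but lost or defaulted `rk` would still pass. I would add a value assertion such as `pkc.getClientExtensionResults.getCredProps.get.getRk.get should be(false)`, where the accessor names are assumed from the `rk` field of `CredentialPropertiesOutput` and should be adjusted to the actual API. The enclosing test case starts before the hunk.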