Skip to content

Make userHandle response field optional #2560

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Merged
melissaahn merged 6 commits into from
Jan 2, 2025
Merged

Make userHandle response field optional #2560

Show file tree
Hide file tree
Changes from 2 commits
Commits
Show all changes
6 commits
Select commit Hold shift + click to select a range
029a530
userHandle
melissaahn Dec 20, 2024
2e70121
changelog
melissaahn Dec 20, 2024
aa0d05a
rewrote logic and updated unit test
melissaahn Dec 23, 2024
3867092
Merge branch 'dev' into melissaahn/UserHandle
melissaahn Dec 27, 2024
a58e216
Adding log for userhandle
melissaahn Jan 2, 2025
b521344
run tests again
melissaahn Jan 2, 2025
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
1 change: 1 addition & 0 deletions changelog.txt
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -6,6 +6,7 @@ vNext
- [MINOR] Add Child Spans for Interactive Span (#2516)
- [MINOR] For MSAL CPP flows, match exact claims when deleting AT with intersecting scopes (#2548)
- [MINOR] Replace Deprecated Keystore API for Android 28+ (#2558)
- [PATCH] Make userHandle response field optional (#2560)

Version 18.2.2
----------
Expand Down
20 changes: 17 additions & 3 deletions common/src/main/java/com/microsoft/identity/common/internal/fido/WebAuthnJsonUtil.kt
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -30,13 +30,18 @@ import com.microsoft.identity.common.java.constants.FidoConstants.Companion.WEBA
import com.microsoft.identity.common.java.constants.FidoConstants.Companion.WEBAUTHN_RESPONSE_ID_JSON_KEY
import com.microsoft.identity.common.java.constants.FidoConstants.Companion.WEBAUTHN_RESPONSE_SIGNATURE_JSON_KEY
import com.microsoft.identity.common.java.constants.FidoConstants.Companion.WEBAUTHN_RESPONSE_USER_HANDLE_JSON_KEY
import com.microsoft.identity.common.logging.Logger
import org.json.JSONException
import org.json.JSONObject

/**
* A utility class to help convert to and from strings in WebAuthn json format.
*/
class WebAuthnJsonUtil {
companion object {
companion object {

private val TAG = WebAuthnJsonUtil::class.simpleName.toString()

/**
* Takes applicable parameters and creates a string representation of
* PublicKeyCredentialRequestOptionsJSON (https://w3c.github.io/webauthn/#dictdef-publickeycredentialrequestoptionsjson)
Expand Down Expand Up @@ -74,6 +79,7 @@ class WebAuthnJsonUtil {
* @throws JSONException if a value is not present that should be.
*/
fun extractAuthenticatorAssertionResponseJson(fullResponseJson : String): String {
val methodTag = "$TAG:extractAuthenticatorAssertionResponseJson"
val fullResponseJsonObject = JSONObject(fullResponseJson);
val authResponseJsonObject = fullResponseJsonObject
.getJSONObject(FidoConstants.WEBAUTHN_AUTHENTICATION_ASSERTION_RESPONSE_JSON_KEY)
Expand All @@ -87,8 +93,16 @@ class WebAuthnJsonUtil {
WEBAUTHN_RESPONSE_CLIENT_DATA_JSON_KEY))
assertionResult.put(WEBAUTHN_RESPONSE_SIGNATURE_JSON_KEY, authResponseJsonObject.get(
WEBAUTHN_RESPONSE_SIGNATURE_JSON_KEY))
assertionResult.put(WEBAUTHN_RESPONSE_USER_HANDLE_JSON_KEY, authResponseJsonObject.get(
WEBAUTHN_RESPONSE_USER_HANDLE_JSON_KEY))
try {
assertionResult.put(
WEBAUTHN_RESPONSE_USER_HANDLE_JSON_KEY, authResponseJsonObject.get(
WEBAUTHN_RESPONSE_USER_HANDLE_JSON_KEY
)
)
} catch (e: JSONException) {
// UserHandle is optional if allowCredentials was provided in the request (username flow).
Logger.info(methodTag, "UserHandle not found in assertion response.")
}
return assertionResult.toString()
}

Expand Down
Loading