Skip to content

[Bug] fix(webauthn): to include scopes in the API #882

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
merged 13 commits into from
Sep 23, 2025
Merged

[Bug] fix(webauthn): to include scopes in the API #882

merged 13 commits into from
Sep 23, 2025

Conversation

@Ansonhkg
Copy link
Collaborator

@Ansonhkg Ansonhkg commented Sep 5, 2025
edited
Loading

WHAT

  • Fixed Webauthn sign-session-sig issue due defaulting pubkey to 0x causing "misleading" (technically correct) unable to decode credential public key CBOR.
  • Fixed PKP doesn't have scope issue due to missing API param
"An unexpected error has occured.", "details": ["parser error: Unable to decode credential public key CBOR...
image

@Ansonhkg Ansonhkg added 🐞 Bug Fix Something isn't working v8 | Naga labels Sep 5, 2025
Ansonhkg
Ansonhkg commented Sep 5, 2025
View reviewed changes
packages/auth-services/src/auth-server/src/schemas/AuthServiceMintRequestSchema.ts
export const tAuthServiceMintRequestSchema = t.Object({
authMethodType: t.String(),
authMethodId: t.String(),
pubkey: t.Optional(t.String({ default: '0x' })),
Copy link
Collaborator Author

@Ansonhkg Ansonhkg Sep 5, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

This caused Unable to decode credential public key CBOR

@Ansonhkg Ansonhkg self-assigned this Sep 5, 2025
@Ansonhkg Ansonhkg changed the title [Bug] fix(webauthn): to include scopes in the API 2 - [Bug] fix(webauthn): to include scopes in the API Sep 5, 2025
@Ansonhkg Ansonhkg changed the title 2 - [Bug] fix(webauthn): to include scopes in the API [Bug] fix(webauthn): to include scopes in the API Sep 5, 2025
MaximusHaximus
MaximusHaximus requested changes Sep 9, 2025
View reviewed changes
Copy link
Contributor

@MaximusHaximus MaximusHaximus left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Added a few issues in-line

@Ansonhkg
Copy link
Collaborator Author

Ansonhkg commented Sep 12, 2025

consolidated 4 different PKP mint schemas and scopes. All networks APIs now import from schemas package instead of internally

This was referenced Sep 15, 2025
Merged
Merged
MaximusHaximus
MaximusHaximus requested changes Sep 16, 2025
View reviewed changes
Copy link
Contributor

@MaximusHaximus MaximusHaximus left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Nice job getting rid of the duplication -- just a few things added in-line

packages/schemas/src/lib/auth/auth-schemas.ts Outdated
// Accept string, number, or enum for backwards compatibility
authMethodType: z
.union([
AuthMethodSchema.shape.authMethodType, // z.nativeEnum(AUTH_METHOD_TYPE)
Copy link
Contributor

@MaximusHaximus MaximusHaximus Sep 16, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

We haven't used native enums anywhere in the SDK since aug of '24

I tried running the schemas file using tsx directly, and got an error `ReferenceError: Cannot access 'LitAbilitySchema' before initialization which is related to weird corner-cases with native enums, highlighting why we stopped using them :)

@Ansonhkg
Copy link
Collaborator Author

Ansonhkg commented Sep 16, 2025

so the logic flow is:

  1. User sends WebAuthn request without pubkey (or empty/invalid pubkey)
  2. Schema sets default pubkey: '0x'
  3. Refine catches this cus for WebAuthn, pubkey !== '0x' is required
  4. Validation fails with the error message eg. pubkeyis required for WebAuthn and cannot be 0x"

Ansonhkg
Ansonhkg commented Sep 16, 2025
View reviewed changes
@Ansonhkg Ansonhkg mentioned this pull request Sep 17, 2025
Closed
MaximusHaximus
MaximusHaximus requested changes Sep 17, 2025
View reviewed changes
Copy link
Contributor

@MaximusHaximus MaximusHaximus left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

👍 Looking pretty close -- just one question about the possible input for the custom schema which we are trying to coerce to a number, even though it appears it could be > 2^53 -- and z.nativeEnum usage that might've been missed in my last review.

packages/schemas/src/lib/auth/auth-schemas.ts
pubkey: HexPrefixedSchema.default('0x'),
scopes: z.array(ScopeSchemaRaw).optional().default([]),
})
.refine(
Copy link
Contributor

@MaximusHaximus MaximusHaximus Sep 17, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

💖 nice, this makes sense

@Ansonhkg Ansonhkg changed the base branch from naga_add_hardcoded_keysets-3 to naga September 19, 2025 13:52
MaximusHaximus
MaximusHaximus approved these changes Sep 23, 2025
View reviewed changes
Copy link
Contributor

@MaximusHaximus MaximusHaximus left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

👍

@Ansonhkg Ansonhkg merged commit 29a39cb into naga Sep 23, 2025
2 of 3 checks passed
@Ansonhkg Ansonhkg deleted the feature/jss-86-bugnaga-fix-webauthn-cbor-issue-due-to-missing-pub-key branch September 23, 2025 12:03
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@MaximusHaximus MaximusHaximus MaximusHaximus approved these changes

Assignees

@Ansonhkg Ansonhkg

Labels

🐞 Bug Fix Something isn't working v8 | Naga

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

4 participants

@Ansonhkg @MaximusHaximus @GTC6244