Please update docs for 4.8 (deprecations toward 5.0)

[ptmkenny]

Description

The docs site still shows 4.7 as the latest version, and there are no examples of how to address deprecation warnings added in 4.8.

For example, in the section on Webauthn Server, it says to use PublicKeyCredentialLoader, but there is a deprecation warning in 4.8:

Call to method create() of deprecated class Webauthn\PublicKeyCredentialLoader:
since 4.8.0 and will be removed in 5.0.0. Please use the Symfony serializer instead

Also, for $this->sourceObject = PublicKeyCredentialSource::createFromArray($pk_array), there's the following deprecation:

Call to deprecated method createFromArray() of class Webauthn\PublicKeyCredentialSource:
since 4.8.0. Please use {Webauthn\Denormalizer\WebauthnSerializerFactory} for converting the object.

I opened the class file, but the class basically consists of a create function, so it seems it's totally dependent on Symfony, which it was not (as I understand it) before. If there's an example of how to get this working, it would also be really helpful.

[Jorgu5]

Bumping this one up as well, waiting for the documentation on the 4.8v. as right now after update, the PublicKeyCredentialLoader stopped working at all and giving an error Unable to load the data. I've tried to implement Symfony serializer but it looks like it requires some custom setup which ends up being more extensive than original PublicKeyCredentialLoader, as the Webauthn\CollectedClientData is not instantiated properly

As when it is used like that only

$this->serializer->deserialize($response, AuthenticatorResponse::class, 'json')

It gives

Exception occurred: Deserialization for the format "json" is not supported.

After adding a proper encoder as an argument, it is still raising some issues

Exception occurred: Cannot create an instance of "Webauthn\CollectedClientData" from serialized data because its constructor requires the following parameters to be present : "$rawData", "$data". in /vendor/symfony/serializer/Normalizer/AbstractNormalizer.php:420

Neither it works when I pass serializer into deprecated PublicKeyCredentialLoader as 2nd argument.

Everything was working <4.8. I can provide more debugging information if needed, but the proper documentation on using deserializer and new ceremony step manager would be very very helpful.

[Spomky]

Hello @ptmkenny, @Jorgu5 and al,

I am really sorry for the inconvenience. The serializer or the ceremony steps should be optional in 4.x, but it is not the case and not working as expected. I need time to rework and fix it. I will do my best to have everything set up and running by next Tuesday.
The documentation branch 4.8 exists, but for unknown reason Gitbook redirects back to 4.7. Anyhow, you should not change anything when updating from 4.7 to 4.8 (BC promise).

[Spomky]

Hi,

First of all, I would like to better explain the changes compared to version 4.7 and explain the reasons for the choices of version 4.8.

The main problem I encounter is that the specification evolves a lot and having Webauthn-1, Webauthn-2 and part of Webauthn-3 together is not that simple. Especially with deprecated things.
The same goes for the framework and it's no small feat to make it work smoothly from one version to the next.

Having load methods to convert a string to an object was nice at the start of the project. But as the specification and framework evolve, it becomes difficult to keep up.

For version 5.0, I decided to create denormalizer objects to divide the logic. All denormalizers glued together under a serializer. Since the Symfony Serializer component is fast and easy to use, I decided to go this way and delegate this task to this component.

I know some developers aren't fans of the Symfony ecosystem, but the BC promise is important and overall allows many classes and methods to be removed (#557 shows it significantly decreasing in size). This will help focussing on the implementation details rather than the concersion tasks.

Let's get back to this issue. The documentation pages for 4.8 are now online and I keep modifying them.
I am clarifying the deprecation notices as well. The migration path from 4.x to 5.0 will be up to date very soon.

Creating and using the serializer should be very simple.
The following lines should be sufficient. The rest of the code should not change. Tell me if it is not the case.

use Webauthn\Denormalizer\WebauthnSerializerFactory;
use Webauthn\PublicKeyCredential;

// $attestationStatementSupportManager is an object you should already have.
$serializer = (new WebauthnSerializerFactory($attestationStatementSupportManager))->create();

$publicKeyCredential = $serializer->deserialize('...the data you need to load...', PublicKeyCredential::class, 'json');

I am sincerely sorry that the migration to this minor version is not going as expected.
If you don't want to use the Symfony Serializer, I will make sure to maintain the branch longer to give you time.

[Jorgu5]

The solution provided works flawlessly. It seems I was using Symfony's SerializerInterface directly without realizing the existence of WebauthnSerializerFactory. Thank you, @Spomky, for the rapid response!

[Spomky]

Hi,

I updated the pages for the PHP implementations.
Now the Ceremony Step Manager, the Serializer or the advanced behaviors pages or up to date. The pages for the Symfony-based applications will follow.

Note that I enabled few options on the documentation pages. In particular, you can now ask the IA to help you. The responses are based on the pages content. Feel free to report any error you may find with the link to the GitHub repository on the right side of every pages.

[ptmkenny]

@Spomky I just want to say thank you for the quick documentation updates! They helped me and now I have my Drupal module working fine with 4.8 thanks to you. Much appreciated!