WebauthnSerializerFactory cannot serialize PublicKeyCredentialCreationOptions and PublicKeyCredentialRequestOptions #591

Open
mrpachara opened this issue Apr 10, 2024 · 1 comment

@mrpachara

Version(s) affected

4.8.5

Description

I try to serialize PublicKeyCredentialCreationOptions using WebauthnSerializerFactory, then get this error:

Symfony\Component\Serializer\Exception\NotEncodableValueException with message Malformed UTF-8 characters, possibly incorrectly encoded in sonEncode.php:52

But this doesn't happen when I use json_encode(). I think it comes from some of the normalizers in the serializer.

How to reproduce

Example code:

$serializer = (new WebauthnSerializerFactory($attestationStatementSupportManager))->create();

$publicKeyCredentialCreationOptions = PublicKeyCredentialCreationOptions::create(
    $rpEntity,
    $userEntity,
    \random_bytes(16),
    authenticatorSelection: $authenticatorSelectionCriteria,
    attestation: PublicKeyCredentialCreationOptions::ATTESTATION_CONVEYANCE_PREFERENCE_NONE,
);

// Error
$json = $serializer->serialize(
    $publicKeyCredentialCreationOptions,
    'json',
    [
        JsonEncode::OPTIONS => \JSON_THROW_ON_ERROR,
    ],
);

// No error and can be deserialized
$json = \json_encode(
    $publicKeyCredentialCreationOptions,
    \JSON_THROW_ON_ERROR,
);
$result = $serializer->deserialize(
    $json,
    PublicKeyCredentialCreationOptions::class,
    'json',
);

But when I change \random_bytes(16) to '123456789012345', it works.

$publicKeyCredentialCreationOptions = PublicKeyCredentialCreationOptions::create(
    $rpEntity,
    $userEntity,
    '123456789012345',
    authenticatorSelection: $authenticatorSelectionCriteria,
    attestation: PublicKeyCredentialCreationOptions::ATTESTATION_CONVEYANCE_PREFERENCE_NONE,
);

// No error
$json = $serializer->serialize(
    $publicKeyCredentialCreationOptions,
    'json',
    [
        JsonEncode::OPTIONS => \JSON_THROW_ON_ERROR,
    ],
);

I think the error comes from some of the normalizers in the serialize() process that change the value of the challenge.

Possible Solution

No response

Additional Context

No response

@Spomky
Contributor

Spomky commented Apr 19, 2024

Hi,

Indeed, the serializer generated from the WebauthnSerializerFactory is only suitable for reading a JSON object, but not for generating it.
It would be a nice addition though.

@Spomky Spomky self-assigned this Apr 19, 2024
@Spomky Spomky added the enhancement New feature or request label Apr 19, 2024
@Spomky Spomky added this to the 4.9.0 milestone Apr 19, 2024
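
Added example, not from the issue thread or the library's own code: it shows why a 16-byte binary challenge fails JSON encoding where the ASCII string from the report does not, and how base64url encoding at the JSON boundary (the encoding the WebAuthn JSON option types use for the challenge) keeps the value random and transportable. The helper names `b64url_encode` / `b64url_decode` are hypothetical and the challenge bytes are constructed for the demonstration.

```php
<?php
declare(strict_types=1);

// Hypothetical helpers (not part of web-auth/webauthn-lib): unpadded base64url.
function b64url_encode(string $bin): string
{
    return rtrim(strtr(base64_encode($bin), '+/', '-_'), '=');
}

function b64url_decode(string $text): string
{
    // Restore the padding that b64url_encode() stripped, then decode strictly.
    $padded = $text . str_repeat('=', (4 - strlen($text) % 4) % 4);
    $bin = base64_decode(strtr($padded, '-_', '+/'), true);
    if ($bin === false) {
        throw new InvalidArgumentException('input is not valid base64url');
    }
    return $bin;
}

// Constructed 16-byte challenge. The 0xff byte can never occur in valid UTF-8,
// so the failure is deterministic here. In real code the value comes from
// random_bytes(16), as in the report.
$challenge = hex2bin('ff00a1b2c3d4e5f60718293a4b5c6d7e');

// 1. Raw bytes placed in a JSON string: the failure mode the report describes.
try {
    json_encode(['challenge' => $challenge], JSON_THROW_ON_ERROR);
    $rawResult = 'encoded without error';
} catch (JsonException $e) {
    $rawResult = 'JsonException: ' . $e->getMessage();
}

// 2. Encode at the JSON boundary; the challenge itself is unchanged.
$json = json_encode(
    ['challenge' => b64url_encode($challenge)],
    JSON_THROW_ON_ERROR
);

// 3. Decode on the way back in and compare in constant time.
$payload = json_decode($json, true, 512, JSON_THROW_ON_ERROR);
$decoded = b64url_decode($payload['challenge']);

printf("raw bytes : %s\n", $rawResult);
printf("base64url : %s\n", $json);
printf("round trip: %s\n", hash_equals($challenge, $decoded) ? 'ok' : 'MISMATCH');
```

A printable string such as `'123456789012345'` serializes only because it happens to be valid UTF-8; it is not a substitute for a random challenge.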