Skip to content

feat: Align CTAP status values with CTAP 2.2#505

Merged
DennisDyallo merged 3 commits into
yubikit-performancefrom
yubikit-ctap-status-22-alignment
Jun 29, 2026
Merged

feat: Align CTAP status values with CTAP 2.2#505
DennisDyallo merged 3 commits into
yubikit-performancefrom
yubikit-ctap-status-22-alignment

Conversation

@DennisDyallo

@DennisDyallo DennisDyallo commented Jun 24, 2026

Copy link
Copy Markdown
Collaborator

Summary

  • Add CTAP 2.2 status mappings for PUAT required and PIN token expired.
  • Clarify CTAP 2.1 plus CTAP 2.2 status coverage in docs/comments.

Verification

  • dotnet toolchain.cs -- test --project Fido2 --filter "FullyQualifiedName~CtapExceptionTests"
  • Read-only review: no findings

@DennisDyallo DennisDyallo changed the title Align CTAP status values with CTAP 2.2 feat: Align CTAP status values with CTAP 2.2 Jun 24, 2026
@DennisDyallo

Copy link
Copy Markdown
Collaborator Author

@claude remove this, we dont need backwards compat:

Keep obsolete PUVATH alias for source compatibility.

@claude

claude Bot commented Jun 26, 2026

Copy link
Copy Markdown

Claude finished @DennisDyallo's task in 1m 12s —— View job


Removed PuvathRequired backwards compat alias

  • Read CtapStatus.cs to locate PuvathRequired
  • Search for all usages across the codebase
  • Remove the alias and its test
  • Commit and push

Changes made:

  • src/Fido2/src/Ctap/CtapStatus.cs — removed the [Obsolete] PuvathRequired = PuatRequired alias entry
  • src/Fido2/tests/Yubico.YubiKit.Fido2.UnitTests/CtapExceptionTests.cs — removed PuvathRequired_ObsoleteAlias_MapsToPuatRequired test (no longer needed)

The only remaining mention of PuvathRequired is in Plans/audit-gate-2.md (a plan doc, not production code) — left untouched.

Co-authored-by: Dennis Dyallo <DennisDyallo@users.noreply.github.com>

Copilot AI left a comment

Copy link
Copy Markdown
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Pull request overview

This PR updates the SDK’s CTAP status handling to align with CTAP 2.2 by adding the newer PUAT-required and PIN-token-expired status codes, then wiring those through exception messaging and WebAuthn error mapping.

Changes:

  • Update CtapStatus/CtapException to use PuatRequired (0x36) and add PinTokenExpired (0x38) with descriptive exception messages.
  • Update WebAuthn client and PreviewSign extension to map the new statuses to NotAllowed.
  • Add unit tests to assert CTAP 2.2 numeric values and message text; adjust integration test wording/expectations to reference PuatRequired.

Reviewed changes

Copilot reviewed 6 out of 6 changed files in this pull request and generated 1 comment.

Show a summary per file
File Description
src/WebAuthn/src/Extensions/PreviewSign/PreviewSignErrors.cs Map CTAP 2.2 statuses (PuatRequired, PinTokenExpired) to PreviewSign client errors.
src/WebAuthn/src/Client/WebAuthnClient.cs Treat PuatRequired/PinTokenExpired as NotAllowed in CTAP→WebAuthn error mapping.
src/Fido2/tests/Yubico.YubiKit.Fido2.UnitTests/CtapExceptionTests.cs Add assertions for CTAP 2.2 status byte values and exception message text.
src/Fido2/tests/Yubico.YubiKit.Fido2.IntegrationTests/FidoMakeCredentialTests.cs Update test name/docs/expectations to reference PuatRequired (and related firmware variants).
src/Fido2/src/Ctap/CtapStatus.cs Introduce CTAP 2.2 statuses and update documentation links/comments.
src/Fido2/src/Ctap/CtapException.cs Add CTAP 2.2 status message mappings for exception construction.

Comment thread src/Fido2/src/Ctap/CtapStatus.cs
@DennisDyallo DennisDyallo marked this pull request as ready for review June 27, 2026 08:13
@DennisDyallo DennisDyallo merged commit f9f649e into yubikit-performance Jun 29, 2026
4 checks passed
@DennisDyallo DennisDyallo deleted the yubikit-ctap-status-22-alignment branch June 29, 2026 21:29
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

Development

Successfully merging this pull request may close these issues.

2 participants