You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
fix(webauthn): enforce largeBlob: required on FIDO2 path when device lacks largeBlobs
Previously the FIDO2 path emitted a warn! when extensions.largeBlob.support
== Required and the device did not advertise the largeBlobs option, then
forwarded the request as if largeBlob were preferred. The device returned
success but ignored the extension, leaving the caller with no signal that
the requested extension was dropped.
Return Err(CtapError::UnsupportedExtension) in this case, mirroring the
existing credProtect enforcement immediately above.
Also re-export MakeCredentialLargeBlobExtensionInput from ops::webauthn so
the type required to construct MakeCredentialsRequestExtensions::large_blob
is part of the public API surface.
Refs: WebAuthn L3 section 10.1.5; CTAP 2.1 section 12.1.
0 commit comments