What's wrong
libwebauthn implements four transports (USB/HID, BLE, NFC, caBLE/hybrid) but the public surface advertises only two, and registration responses never report the transport used.
Transport and available_transports() in libwebauthn/src/lib.rs expose only Usb and Ble. NFC (transport::nfc, gated behind nfc-backend-pcsc/nfc-backend-libnfc) and caBLE/hybrid (transport::cable) are implemented but omitted.MakeCredentialResponse::to_idl_model() (ops/webauthn/make_credential.rs, ~line 104) always sets transports = Vec::new(), so AuthenticatorAttestationResponseJSON.transports (ops/webauthn/idl/response.rs) is always empty.
Note: the public crate::Transport enum is distinct from the internal transport::Transport marker trait (transport/transport.rs), which already covers HID, BLE, Cable, and Nfc.
Why it matters
Callers reading available_transports() can't discover NFC or hybrid. Per WebAuthn L3 5.2.1.1, RPs persist the response transports and replay them as allowCredentials[].transports hints, so an empty list degrades later authentication UX. The list must be unique and lexicographically sorted, holding only AuthenticatorTransport values (L3 5.8.4: usb, nfc, ble, hybrid, internal, smart-card).
What to do
What's wrong
libwebauthn implements four transports (USB/HID, BLE, NFC, caBLE/hybrid) but the public surface advertises only two, and registration responses never report the transport used.
Transportandavailable_transports()inlibwebauthn/src/lib.rsexpose onlyUsbandBle. NFC (transport::nfc, gated behindnfc-backend-pcsc/nfc-backend-libnfc) and caBLE/hybrid (transport::cable) are implemented but omitted.MakeCredentialResponse::to_idl_model()(ops/webauthn/make_credential.rs, ~line 104) always setstransports = Vec::new(), soAuthenticatorAttestationResponseJSON.transports(ops/webauthn/idl/response.rs) is always empty.Note: the public
crate::Transportenum is distinct from the internaltransport::Transportmarker trait (transport/transport.rs), which already covers HID, BLE,Cable, andNfc.Why it matters
Callers reading
available_transports()can't discover NFC or hybrid. Per WebAuthn L3 5.2.1.1, RPs persist the responsetransportsand replay them asallowCredentials[].transportshints, so an empty list degrades later authentication UX. The list must be unique and lexicographically sorted, holding onlyAuthenticatorTransportvalues (L3 5.8.4:usb,nfc,ble,hybrid,internal,smart-card).What to do
Transportenum (lib.rs).available_transports()to report compiled-in transports. NFC only appears under annfc-backend-*feature. caBLE is always compiled (runtime depends on a BLE adapter,cable::is_available()), so decide whether to report compiled-in support or consultis_available().Channel(transport/channel.rs) and pass it intoto_idl_modelfor the registration response conversion.AuthenticatorAttestationResponseJSON.transportsfrom the active transport, mapping viaCtap2Transport(proto/ctap2/model.rs), which already serializes the correct lowercase tokens.test_response_to_idl_modelinmake_credential.rs, which asserts an empty list.