Skip to content

fix(pin): honor PIN policy and normalize PINs#281

Merged
AlfioEmanueleFresta merged 2 commits into
masterfrom
fix/clientpin-policy-and-normalization
Jun 19, 2026
Merged

fix(pin): honor PIN policy and normalize PINs#281
AlfioEmanueleFresta merged 2 commits into
masterfrom
fix/clientpin-policy-and-normalization

Conversation

@AlfioEmanueleFresta

Copy link
Copy Markdown
Member

The PIN flow ignored authenticator policy and measured PINs in bytes. This routes operations away from a PIN token when the device forbids it, drives a required PIN change first, and normalizes PINs to NFC with the minimum length checked in code points.

Closes #256.

@AlfioEmanueleFresta AlfioEmanueleFresta marked this pull request as ready for review June 19, 2026 21:33
Honor noMcGaPermissionsWithClientPin by routing mc and ga to built-in UV
or failing clearly instead of minting a clientPin token. Drive a
change-PIN flow when forcePINChange is set before acquiring a PIN-based
token. Normalize collected and new PINs to Unicode NFC and check the
minimum length in code points while keeping the 63-byte UTF-8 maximum.
@AlfioEmanueleFresta AlfioEmanueleFresta force-pushed the fix/clientpin-policy-and-normalization branch from 153b07e to 7d3ce1b Compare June 19, 2026 22:03
@AlfioEmanueleFresta AlfioEmanueleFresta merged commit dca2054 into master Jun 19, 2026
5 checks passed
@AlfioEmanueleFresta AlfioEmanueleFresta deleted the fix/clientpin-policy-and-normalization branch June 19, 2026 22:04
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

fix(pin): honor getInfo PIN policy and NFC-normalize PINs

1 participant