Skip to content

feat(transport): advertise NFC and hybrid transports#282

Merged
AlfioEmanueleFresta merged 5 commits into
masterfrom
feat/advertise-nfc-hybrid-transports
Jun 17, 2026
Merged

feat(transport): advertise NFC and hybrid transports#282
AlfioEmanueleFresta merged 5 commits into
masterfrom
feat/advertise-nfc-hybrid-transports

Conversation

@AlfioEmanueleFresta

Copy link
Copy Markdown
Member

The library implements four transports but advertised only USB and BLE, and registration responses always returned an empty transports list. This adds NFC and hybrid to the public transport list, with NFC shown only when a backend is compiled in, and fills the registration transports from the transport actually used, ordered and deduplicated per the WebAuthn rules.

Closes #258.

…ransports

Add NFC and hybrid/caBLE to the public Transport enum and report compiled-in transports from available_transports. NFC is gated behind the nfc-backend features and hybrid is always present.

Thread the active transport from the channel into registration response serialization so the response transports member carries the AuthenticatorTransport token. The list is deduplicated, sorted, and stays empty when the transport is unknown. Both the FIDO2 and U2F-downgrade paths are covered.
@AlfioEmanueleFresta AlfioEmanueleFresta force-pushed the feat/advertise-nfc-hybrid-transports branch from b497ec4 to d834534 Compare June 15, 2026 21:30
@iinuwa

iinuwa commented Jun 15, 2026

Copy link
Copy Markdown
Member

@AlfioEmanueleFresta, my read of the WebAuthn spec says that transports should be all the transports supported by the authenticator. Since libwebauthn doesn't expose authenticator get info directly, does it make sense to have the transports be returned by libwebauthn (e.g. in the MakeCredentialResponse) instead of the caller specifying it?

@AlfioEmanueleFresta

AlfioEmanueleFresta commented Jun 16, 2026

Copy link
Copy Markdown
Member Author

Thanks @iinuwa, agreed. I switched it to do exactly that. The registration transports now come from the authenticator's getInfo (member 0x09, which libwebauthn already decodes), populated on MakeCredentialResponse rather than specified by the caller, and folded together with the transport the ceremony actually ran over. The list is emitted as unique tokens in lexicographical order per WebAuthn L3 §5.2.1.1.

This follows the spec's getTransports() definition (the transport used to register, unioned with the transports the client believes the authenticator supports) and matches Chromium, which folds getInfo 0x09 into that set. For authenticators that don't report 0x09 (CTAP 2.0) or on the U2F downgrade path, the union reduces to just the ceremony transport, which preserves the prior behavior.

@AlfioEmanueleFresta AlfioEmanueleFresta marked this pull request as ready for review June 16, 2026 18:27
@iinuwa

iinuwa commented Jun 16, 2026

Copy link
Copy Markdown
Member

Yeah, that sounds good to union those, though it would be weird if an authenticator didn't specify that it supports the transport it just used.

@iinuwa iinuwa left a comment

Copy link
Copy Markdown
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM!

@AlfioEmanueleFresta AlfioEmanueleFresta merged commit 6749f91 into master Jun 17, 2026
6 checks passed
@AlfioEmanueleFresta AlfioEmanueleFresta deleted the feat/advertise-nfc-hybrid-transports branch June 17, 2026 22:07
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

feat(transport): advertise NFC/hybrid and report registration transports

2 participants