Add .NET 9,.NET 10. Drop .NET 10. Upgrade to latest L3 specification draft.

.editorconfig

@@ -12,7 +12,7 @@ max_line_length = 999999999
 # Xml project files
 [*.csproj]
 indent_size = 2
-ij_formatter_enabled = false
+ij_formatter_enabled = true
 # Xml config files
 [*.props]
 indent_size = 2

.github/workflows/CI.yml

@@ -12,18 +12,25 @@ jobs:
             DOTNET_CLI_TELEMETRY_OPTOUT: true
         steps:
             -   name: Checkout
-                uses: actions/checkout@v5
-            -   name: Setup .NET SDK 6.0
+                uses: actions/checkout@v6
+            -   name: Setup .NET SDK 8.0
                 uses: actions/setup-dotnet@v5
                 with:
-                    dotnet-version: 6.0.425
+                    dotnet-version: 8.0.402
                     source-url: ${{ secrets.NUGET_SOURCE }}
                 env:
                     NUGET_AUTH_TOKEN: ${{ secrets.PACKAGES_TOKEN }}
-            -   name: Setup .NET SDK 8.0
+            -   name: Setup .NET SDK 9.0
                 uses: actions/setup-dotnet@v5
                 with:
-                    dotnet-version: 8.0.402
+                    dotnet-version: 9.0.308
+                    source-url: ${{ secrets.NUGET_SOURCE }}
+                env:
+                    NUGET_AUTH_TOKEN: ${{ secrets.PACKAGES_TOKEN }}
+            -   name: Setup .NET SDK 10.0
+                uses: actions/setup-dotnet@v5
+                with:
+                    dotnet-version: 10.0.101
                     source-url: ${{ secrets.NUGET_SOURCE }}
                 env:
                     NUGET_AUTH_TOKEN: ${{ secrets.PACKAGES_TOKEN }}

.github/workflows/Release.yml

@@ -13,22 +13,29 @@ jobs:
         environment: Production
         steps:
             -   name: Checkout
-                uses: actions/checkout@v5
+                uses: actions/checkout@v6
                 with:
                     ref: ${{ github.sha }}
             -   name: Set release version
                 run: echo "RELEASE_VERSION=${GITHUB_REF#refs/*/}" >> $GITHUB_ENV
-            -   name: Setup .NET SDK 6.0
+            -   name: Setup .NET SDK 8.0
                 uses: actions/setup-dotnet@v5
                 with:
-                    dotnet-version: 6.0.425
+                    dotnet-version: 8.0.402
                     source-url: ${{ secrets.NUGET_SOURCE }}
                 env:
                     NUGET_AUTH_TOKEN: ${{ secrets.PACKAGES_TOKEN }}
-            -   name: Setup .NET SDK 8.0
+            -   name: Setup .NET SDK 9.0
                 uses: actions/setup-dotnet@v5
                 with:
-                    dotnet-version: 8.0.402
+                    dotnet-version: 9.0.308
+                    source-url: ${{ secrets.NUGET_SOURCE }}
+                env:
+                    NUGET_AUTH_TOKEN: ${{ secrets.PACKAGES_TOKEN }}
+            -   name: Setup .NET SDK 10.0
+                uses: actions/setup-dotnet@v5
+                with:
+                    dotnet-version: 10.0.101
                     source-url: ${{ secrets.NUGET_SOURCE }}
                 env:
                     NUGET_AUTH_TOKEN: ${{ secrets.PACKAGES_TOKEN }}

Dockerfile

@@ -1,4 +1,4 @@
-FROM mcr.microsoft.com/dotnet/sdk:8.0 AS build-env
+FROM mcr.microsoft.com/dotnet/sdk:10.0 AS build-env
 
 COPY . ./app
 
@@ -7,7 +7,7 @@ WORKDIR /app/demo/WebAuthn.Net.Demo.Mvc
 RUN dotnet restore
 RUN dotnet publish -c Release -o out
 
-FROM mcr.microsoft.com/dotnet/aspnet:8.0
+FROM mcr.microsoft.com/dotnet/aspnet:10.0
 WORKDIR /app
 COPY --from=build-env /app/demo/WebAuthn.Net.Demo.Mvc/out .
 ENTRYPOINT ["dotnet", "WebAuthn.Net.Demo.Mvc.dll"]

README.md

@@ -1,6 +1,6 @@
 # WebAuthn.Net
 
-A production-ready, easy-to-use, extensible implementation of the [WebAuthn Level 3 standard](https://www.w3.org/TR/2023/WD-webauthn-3-20230927/), passing the [FIDO conformance test](https://fidoalliance.org/certification/functional-certification/conformance/), for the server side of web applications on .NET 6 and .NET 8.
+A production-ready, easy-to-use, extensible implementation of the [WebAuthn Level 3 standard](https://www.w3.org/TR/webauthn-3), passing the [FIDO conformance test](https://fidoalliance.org/certification/functional-certification/conformance/), for the server side of web applications on .NET 8, .NET 9 and .NET 10.
 
 <a href="https://webauthn.dodo.dev"><img src="https://img.shields.io/badge/Demo-blue"/></a>
 <a href="https://www.nuget.org/packages/WebAuthn.Net/"><img src="https://img.shields.io/badge/NuGet-blue"/></a>
@@ -18,7 +18,7 @@ The documentation for each project is described in its README.md file.
 
 ## Supported features
 
-- ✅ [Passkeys](https://www.w3.org/TR/2023/WD-webauthn-3-20230927/#passkey) are supported out of the box
+- ✅ [Passkeys](https://www.w3.org/TR/webauthn-3/#passkey) are supported out of the box
 - ✅ Attestation API & verification (Register and verify credentials/authenticators)
 - ✅ Assertion API & verification (Authenticate users)
 - ✅ 100% completion of the entire [FIDO Conformance Test](https://fidoalliance.org/certification/functional-certification/conformance/), including all optional features
@@ -27,13 +27,13 @@ The documentation for each project is described in its README.md file.
 - ✅ Authenticators embedded in the device (FaceID, TouchID, Windows Hello)
 - ✅ Roaming aka cross-platform authenticators (USB/NFC/BLE keys, for example Yubico)
 - ✅ All current attestation statement formats
-    - [packed](https://www.w3.org/TR/2023/WD-webauthn-3-20230927/#sctn-packed-attestation)
-    - [tpm](https://www.w3.org/TR/2023/WD-webauthn-3-20230927/#sctn-tpm-attestation)
-    - [android-key](https://www.w3.org/TR/2023/WD-webauthn-3-20230927/#sctn-android-key-attestation)
-    - [android-safetynet](https://www.w3.org/TR/2023/WD-webauthn-3-20230927/#sctn-android-safetynet-attestation)
-    - [fido-u2f](https://www.w3.org/TR/2023/WD-webauthn-3-20230927/#sctn-fido-u2f-attestation)
-    - [none](https://www.w3.org/TR/2023/WD-webauthn-3-20230927/#sctn-none-attestation)
-    - [apple](https://www.w3.org/TR/2023/WD-webauthn-3-20230927/#sctn-apple-anonymous-attestation)
+    - [packed](https://www.w3.org/TR/webauthn-3/#sctn-packed-attestation)
+    - [tpm](https://www.w3.org/TR/webauthn-3/#sctn-tpm-attestation)
+    - [android-key](https://www.w3.org/TR/webauthn-3/#sctn-android-key-attestation)
+    - [android-safetynet](https://www.w3.org/TR/webauthn-3/#sctn-android-safetynet-attestation)
+    - [fido-u2f](https://www.w3.org/TR/webauthn-3/#sctn-fido-u2f-attestation)
+    - [none](https://www.w3.org/TR/webauthn-3/#sctn-none-attestation)
+    - [apple](https://www.w3.org/TR/webauthn-3/#sctn-apple-anonymous-attestation)
 - ✅ All cryptographic algorithms required to pass the [FIDO Conformance Test](https://fidoalliance.org/certification/functional-certification/conformance/)
     - [RS1](https://www.rfc-editor.org/rfc/rfc8812.html#section-2)
     - [RS256](https://www.rfc-editor.org/rfc/rfc8812.html#section-2)
@@ -61,8 +61,9 @@ The documentation for each project is described in its README.md file.
 
 ### Required dependencies
 
-- [.NET SDK 6.0.425+](https://dotnet.microsoft.com/en-us/download/dotnet/6.0)
-- [.NET SDK 8.0.402+](https://dotnet.microsoft.com/en-us/download/dotnet/8.0)
+- [.NET SDK 8.0.416+](https://dotnet.microsoft.com/en-us/download/dotnet/8.0)
+- [.NET SDK 9.0.308+](https://dotnet.microsoft.com/en-us/download/dotnet/9.0)
+- [.NET SDK 10.0.101+](https://dotnet.microsoft.com/en-us/download/dotnet/10.0)
 
 ## Tips for Contribution
 

WebAuthn.Net.slnx

@@ -0,0 +1,34 @@
+<Solution>
+    <Folder Name="/root/">
+        <File Path=".editorconfig"/>
+        <File Path=".gitattributes"/>
+        <File Path=".gitignore"/>
+        <File Path="Directory.Build.props"/>
+        <File Path="global.json"/>
+        <File Path="NOTICE.md"/>
+        <File Path="README.md"/>
+    </Folder>
+    <Folder Name="/root/.config/">
+        <File Path=".config/dotnet-tools.json"/>
+    </Folder>
+    <Folder Name="/root/.github/"/>
+    <Folder Name="/root/.github/workflows/">
+        <File Path=".github/workflows/CI.yml"/>
+        <File Path=".github/workflows/Release.yml"/>
+    </Folder>
+    <Folder Name="/root/demo/">
+        <Project Path="demo/WebAuthn.Net.Demo.FidoConformance/WebAuthn.Net.Demo.FidoConformance.csproj"/>
+        <Project Path="demo/WebAuthn.Net.Demo.Mvc/WebAuthn.Net.Demo.Mvc.csproj"/>
+    </Folder>
+    <Folder Name="/root/src/">
+        <Project Path="src/WebAuthn.Net.OpenTelemetry/WebAuthn.Net.OpenTelemetry.csproj"/>
+        <Project Path="src/WebAuthn.Net.Storage.InMemory/WebAuthn.Net.Storage.InMemory.csproj"/>
+        <Project Path="src/WebAuthn.Net.Storage.MySql/WebAuthn.Net.Storage.MySql.csproj"/>
+        <Project Path="src/WebAuthn.Net.Storage.PostgreSql/WebAuthn.Net.Storage.PostgreSql.csproj"/>
+        <Project Path="src/WebAuthn.Net.Storage.SqlServer/WebAuthn.Net.Storage.SqlServer.csproj"/>
+        <Project Path="src/WebAuthn.Net/WebAuthn.Net.csproj"/>
+    </Folder>
+    <Folder Name="/root/tests/">
+        <Project Path="tests/WebAuthn.Net.Tests.Unit/WebAuthn.Net.Tests.Unit.csproj"/>
+    </Folder>
+</Solution>

demo/WebAuthn.Net.Demo.FidoConformance/Middleware/RequestLoggingMiddleware.cs

@@ -38,7 +38,19 @@
         var json = Encoding.UTF8.GetString(ms.ToArray());
         var element = JsonSerializer.Deserialize<JsonElement>(json);
         var intendedJson = JsonSerializer.Serialize(element, _jsonSerializerOptions);
-        _logger.LogInformation($"Request {context.Request.Method} {context.Request.GetEncodedPathAndQuery()}{Environment.NewLine}Body:{Environment.NewLine}{intendedJson}");
+        _logger.LogRequestInformation(context.Request.Method, context.Request.GetEncodedPathAndQuery(), intendedJson);
         await next(context);
     }
 }
+
+internal static partial class RequestLoggingMiddlewareLoggingExtensions
+{
+    [LoggerMessage(
+        Level = LogLevel.Information,
+        Message = "Request {Method} {PathAndQuery}\nBody:\n{Body}")]
+    public static partial void LogRequestInformation(
+        this ILogger logger,
+        string method,
+        string pathAndQuery,
+        string body);
+}

demo/WebAuthn.Net.Demo.FidoConformance/Models/Assertion/CompleteCeremony/Request/ServerAuthenticatorAssertionResponse.cs

@@ -10,14 +10,12 @@ public ServerAuthenticatorAssertionResponse(
         string clientDataJson,
         string authenticatorData,
         string signature,
-        string userHandle,
-        string? attestationObject)
+        string userHandle)
     {
         ClientDataJson = clientDataJson;
         AuthenticatorData = authenticatorData;
         Signature = signature;
         UserHandle = userHandle;
-        AttestationObject = attestationObject;
     }
 
     [JsonPropertyName("clientDataJSON")]
@@ -38,8 +36,4 @@ public ServerAuthenticatorAssertionResponse(
     [JsonPropertyName("userHandle")]
     [JsonIgnore(Condition = JsonIgnoreCondition.WhenWritingDefault)]
     public string UserHandle { get; }
-
-    [JsonPropertyName("attestationObject")]
-    [JsonIgnore(Condition = JsonIgnoreCondition.WhenWritingDefault)]
-    public string? AttestationObject { get; }
 }

demo/WebAuthn.Net.Demo.FidoConformance/Models/Assertion/CompleteCeremony/Request/ServerPublicKeyCredential.cs

@@ -57,7 +57,6 @@ private static AuthenticatorAssertionResponseJSON ParseResponse(ServerAuthentica
             input.ClientDataJson,
             input.AuthenticatorData,
             input.Signature,
-            input.UserHandle,
-            input.AttestationObject);
+            input.UserHandle);
     }
 }

demo/WebAuthn.Net.Demo.FidoConformance/Models/Assertion/CreateOptions/Request/ServerPublicKeyCredentialGetOptionsRequest.cs

@@ -61,8 +61,6 @@ public bool TryToBeginCeremonyRequest([NotNullWhen(true)] out BeginAuthenticatio
             AuthenticationCeremonyIncludeCredentials.AllExisting(),
             userVerification,
             null,
-            null,
-            null,
             Extensions);
         return true;
     }