WebAuthn: fix authenticate when allowCredentials present

Kehrlann · Kehrlann · commit a8eb347bf103 · 2025-11-12T16:03:57.000+01:00
Signed-off-by: Daniel Garnier-Moiroux &lt;git@garnier.wf&gt;
diff --git a/webauthn/src/main/java/org/springframework/security/web/webauthn/management/Webauthn4JRelyingPartyOperations.java b/webauthn/src/main/java/org/springframework/security/web/webauthn/management/Webauthn4JRelyingPartyOperations.java
@@ -19,6 +19,7 @@
 import java.time.Duration;
 import java.time.Instant;
 import java.util.ArrayList;
+import java.util.Base64;
 import java.util.Collections;
 import java.util.HashSet;
 import java.util.List;
@@ -87,6 +88,8 @@
  */
 public class Webauthn4JRelyingPartyOperations implements WebAuthnRelyingPartyOperations {
 
+	private static final Base64.Encoder ENCODER = Base64.getUrlEncoder().withoutPadding();
+
 	private final PublicKeyCredentialUserEntityRepository userEntities;
 
 	private final UserCredentialRepository userCredentials;
@@ -437,6 +440,7 @@ private static List<byte[]> convertAllowedCredentialsToWebauthn4j(
 			.map(PublicKeyCredentialDescriptor::getId)
 			.filter(Objects::nonNull)
 			.map(Bytes::getBytes)
+			.map(ENCODER::encode)
 			.collect(Collectors.toList());
 	}
 
