Skip to content

Add serialize/deserialize PublicKeyCredentialRequestOptions support with ObjectMapper #16433

New issue
New issue
Open
Open
Add serialize/deserialize PublicKeyCredentialRequestOptions support with ObjectMapper#16433
Labels
status: waiting-for-triageAn issue we've not yet triagedtype: enhancementA general enhancement
@rwinch

Description

@rwinch
rwinch
opened on Jan 16, 2025

Spring Security should add support for serialize/deserialize PublicKeyCredentialRequestOptions with ObjectMapper so it is easier to persist with Spring Session.

NOTE: WebauthnJackson2Module is used for reading/writing to the HTTP Response which includes untrusted inputs. This means that it cannot enable default-typing otherwise it could create deserialization vulnerabilities.

Metadata

Metadata

Assignees

No one assigned

    Labels

    status: waiting-for-triageAn issue we've not yet triagedtype: enhancementA general enhancement

    Type

    No type

    Projects

    No projects

    Milestone

    No milestone

    Relationships

    None yet

    Development

    No branches or pull requests

    Issue actions