Skip to content

Fix webauthn multifactor authentication #18163

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
merged 3 commits into from
Nov 14, 2025
Merged

Fix webauthn multifactor authentication #18163

merged 3 commits into from
Nov 14, 2025

Conversation

@Kehrlann
Copy link
Contributor

@Kehrlann Kehrlann commented Nov 12, 2025

Fixes gh-18158 and improves webauthn webdriver tests.

@Kehrlann Kehrlann force-pushed the dgarnier/fix-webauthn-authenticate-allowcredentials branch from 9c81e97 to f79029b Compare November 12, 2025 15:04
@spring-projects-issues spring-projects-issues added the status: waiting-for-triage An issue we've not yet triaged label Nov 12, 2025
@Kehrlann @rwinch
Improve webauthn webdriver tests
3f15724 
Signed-off-by: Daniel Garnier-Moiroux <git@garnier.wf>
@Kehrlann Kehrlann force-pushed the dgarnier/fix-webauthn-authenticate-allowcredentials branch from f79029b to 4895b09 Compare November 14, 2025 20:39
@rwinch
Add Webauthn4JRelyingPartyOperations.setObjectConverter
45301d3 
Simplifies testing of Webauthn4JRelyingPartyOperations

Issue spring-projectsgh-18158
@rwinch
AuthenticationRequest uses rawId.getBytes()
b227f53 
Previously id.getBytes() was used which was problemantic because
the id is base64 encoded and this did not match the expected ids.

Closes spring-projectsgh-18158
@rwinch rwinch force-pushed the dgarnier/fix-webauthn-authenticate-allowcredentials branch from 4895b09 to b227f53 Compare November 14, 2025 21:08
@rwinch rwinch changed the title Fix webauthn authenticate allowcredentials Fix webauthn multifactor authentication Nov 14, 2025
@rwinch rwinch mentioned this pull request Nov 14, 2025
Closed
@rwinch rwinch self-assigned this Nov 14, 2025
@rwinch rwinch added type: bug A general bug in: webauthn WebAuthn and Passkeys and removed status: waiting-for-triage An issue we've not yet triaged labels Nov 14, 2025
@rwinch rwinch added this to the 7.0.0 milestone Nov 14, 2025
@rwinch rwinch enabled auto-merge (rebase) November 14, 2025 21:13
@rwinch
Copy link
Member

rwinch commented Nov 14, 2025

Thanks again for your help identifying the issue, providing tests, and a fix for it.

I pushed a few minor changes:

  • The fix now passes the raw id vs the id (which is base64 encoded) into webauthn4j APIs rather than base64 encoding the allowed credentialIds
  • I added a unit test to ensure that this is fixed in unit tests and not just the WebDriver tests

@rwinch rwinch merged commit 26991bb into spring-projects:main Nov 14, 2025
6 checks passed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

@rwinch rwinch

Labels

in: webauthn WebAuthn and Passkeys type: bug A general bug

Projects

None yet

Milestone

7.0.0

Development

Successfully merging this pull request may close these issues.

WebAuthn login fails when validating allowCredentials

3 participants

@Kehrlann @rwinch @spring-projects-issues