JsonException: Malformed UTF-8 characters

[asbiin]

Version(s) affected

4.7.0

Description

Since #458 this error occurs when registering or validating a key

JsonException(code: 5): Malformed UTF-8 characters, possibly incorrectly encoded at vendor/web-auth/webauthn-lib/src/PublicKeyCredential.php:26

It's triggered from PublicKeyCredentialLoader::loadArray

...
$this->logger->debug('Public Key Credential', [
   'publicKeyCredential' => $publicKeyCredential,
]);

this line renders the publicKeyCredential as string, and hits [PublicKeyCredential::__toString](https://github.com/web-auth/webauthn-framework/blob/87895ca9a1b6064b7e67c320878c09bfe230534d/src/webauthn/src/PublicKeyCredential.php#L26]

return json_encode($this, JSON_THROW_ON_ERROR);

Before #458, the PublicKeyCredential::__toString method just returned '{}', but now it tries to render the whole AuthenticatorResponse which contains raw binary data, not compatible with json_encode

How to reproduce

Register or authenticate a key.
This happen to me in https://github.com/asbiin/laravel-webauthn-example/ but I guess it can happen in any application.

Possible Solution

Change the __toString method to not render the AuthenticatorResponse?

Additional Context

No response

[Spomky]

Before #458, the PublicKeyCredential::__toString method just returned '{}', but now it tries to render the whole AuthenticatorResponse which contains raw binary data, not compatible with json_encode

Hi @asbiin,

Thank you for this report.
I do not remember why, but I do not see any reason for this class to implement Stringable.
Moreover, before 4.7, the class always returns {} (which has no sense) because it does not implement \JsonSerializable.

What I suggest for now is to log the descriptor instead:

$this->logger->debug('Public Key Credential', [
   'publicKeyCredential' => json_encode($publicKeyCredential->getPublicKeyCredentialDescriptor(), JSON_THROW_ON_ERROR),
]);

I note for 5.0 that the class should not implement Stringable and the method __toString should be removed.

[asbiin]

What I suggest for now is to log the descriptor instead:

$this->logger->debug('Public Key Credential', [
   'publicKeyCredential' => json_encode($publicKeyCredential->getPublicKeyCredentialDescriptor(), JSON_THROW_ON_ERROR),
]);

This sounds good 👍🏼
Thank you.

[gawsoftpl]

I have same error too. I downgrade to version 4.6.4 and works

[github-actions]

This thread has been automatically locked since there has not been any recent activity after it was closed. Please open a new issue for related bugs.