Merge pull request #647 from web-auth/default_algorithms

Set default algorithms for PublicKeyCredentialCreationOptions
web-auth · Sep 9, 2024 · 1a9ebec · 1a9ebec
2 parents d37808f + eb29fa7
commit 1a9ebec
Show file tree

Hide file tree

Showing 2 changed files with 36 additions and 0 deletions.
diff --git a/src/webauthn/src/PublicKeyCredentialCreationOptions.php b/src/webauthn/src/PublicKeyCredentialCreationOptions.php
@@ -4,6 +4,7 @@
 
 namespace Webauthn;
 
+use Cose\Algorithms;
 use InvalidArgumentException;
 use Webauthn\AuthenticationExtensions\AuthenticationExtensions;
 use Webauthn\Exception\InvalidDataException;
@@ -60,6 +61,16 @@ public function __construct(
             'Invalid attestation conveyance mode'
         );
 
+        if (count($this->pubKeyCredParams) === 0) {
+            // set default algorithms
+            // see https://w3c.github.io/webauthn/#dom-publickeycredentialcreationoptions-pubkeycredparams
+            $this->pubKeyCredParams = [
+                PublicKeyCredentialParameters::createPk(Algorithms::COSE_ALGORITHM_EDDSA),
+                PublicKeyCredentialParameters::createPk(Algorithms::COSE_ALGORITHM_ES256),
+                PublicKeyCredentialParameters::createPk(Algorithms::COSE_ALGORITHM_RS256),
+            ];
+        }
+
         parent::__construct($challenge, $timeout, $extensions);
     }
 

diff --git a/tests/library/Unit/PublicKeyCredentialCreationOptionsTest.php b/tests/library/Unit/PublicKeyCredentialCreationOptionsTest.php
@@ -4,6 +4,7 @@
 
 namespace Webauthn\Tests\Unit;
 
+use Cose\Algorithms;
 use PHPUnit\Framework\Attributes\Test;
 use Symfony\Component\Serializer\Normalizer\AbstractObjectNormalizer;
 use Webauthn\PublicKeyCredentialCreationOptions;
@@ -100,4 +101,28 @@ public function anPublicKeyCredentialCreationOptionsWithoutExcludeCredentialsCan
             ]);
         static::assertSame([], $data->excludeCredentials);
     }
+
+    #[Test]
+    public function aPublicKeyCredentialCreationOptionsIsCreatedWithDefaultAlgorithms(): void
+    {
+        $rp = PublicKeyCredentialRpEntity::create('RP');
+        $user = PublicKeyCredentialUserEntity::create('USER', 'id', 'FOO BAR');
+
+        $options = PublicKeyCredentialCreationOptions::create(
+            $rp,
+            $user,
+            'challenge',
+        );
+
+        $actualAlgorithms = [];
+        foreach ($options->pubKeyCredParams as $pubKeyCredParam) {
+            $actualAlgorithms[] = $pubKeyCredParam->alg;
+        }
+
+        static::assertSame([
+            Algorithms::COSE_ALGORITHM_EDDSA,
+            Algorithms::COSE_ALGORITHM_ES256,
+            Algorithms::COSE_ALGORITHM_RS256,
+        ], $actualAlgorithms);
+    }
 }