Skip to content

refactor(webauthn): use RequestOrigin instead of RelyingPartyId in WebAuthnIDL (fix #185) #188

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Merged
AlfioEmanueleFresta merged 5 commits into from
May 12, 2026
Merged

refactor(webauthn): use RequestOrigin instead of RelyingPartyId in WebAuthnIDL (fix #185) #188

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
5 commits
Select commit Hold shift + click to select a range
e29769d
Add Origin and RequestOrigin types
AlfioEmanueleFresta May 8, 2026
f60bf44
Replace cross_origin with top_origin on requests and ClientData
AlfioEmanueleFresta May 9, 2026
f02de7e
Switch WebAuthnIDL to take RequestOrigin instead of RelyingPartyId
AlfioEmanueleFresta May 9, 2026
fce62be
Bump version to 0.4.0
AlfioEmanueleFresta May 9, 2026
806107f
Allow http://localhost and delegate parsing to url crate
AlfioEmanueleFresta May 12, 2026
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
30 changes: 29 additions & 1 deletion Cargo.lock
View file
Open in desktop

Some generated files are not rendered by default. Learn more about how customized files appear on GitHub.

4 changes: 2 additions & 2 deletions libwebauthn-tests/tests/basic_ctap2.rs
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -40,7 +40,7 @@ async fn test_webauthn_basic_ctap2() {
let make_credentials_request = MakeCredentialRequest {
challenge: Vec::from(challenge),
origin: "example.org".to_owned(),
cross_origin: None,
top_origin: None,
relying_party: Ctap2PublicKeyCredentialRpEntity::new("example.org", "example.org"),
user: Ctap2PublicKeyCredentialUserEntity::new(&user_id, "mario.rossi", "Mario Rossi"),
resident_key: Some(ResidentKeyRequirement::Discouraged),
Expand All @@ -66,7 +66,7 @@ async fn test_webauthn_basic_ctap2() {
relying_party_id: "example.org".to_owned(),
challenge: Vec::from(challenge),
origin: "example.org".to_string(),
cross_origin: None,
top_origin: None,
allow: vec![credential],
user_verification: UserVerificationRequirement::Discouraged,
extensions: Some(GetAssertionRequestExtensions::default()),
Expand Down
4 changes: 2 additions & 2 deletions libwebauthn-tests/tests/preflight.rs
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -49,7 +49,7 @@ async fn make_credential_call(
exclude: exclude_list,
extensions: None,
timeout: TIMEOUT,
cross_origin: None,
top_origin: None,
};

let response = channel
Expand All @@ -71,7 +71,7 @@ async fn get_assertion_call(
user_verification: UserVerificationRequirement::Discouraged,
extensions: None,
timeout: TIMEOUT,
cross_origin: None,
top_origin: None,
};

channel.webauthn_get_assertion(&get_assertion).await
Expand Down
8 changes: 4 additions & 4 deletions libwebauthn-tests/tests/prf.rs
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -116,7 +116,7 @@ async fn run_test_battery(channel: &mut HidChannel<'_>, using_pin: bool) {
exclude: None,
extensions: Some(extensions),
timeout: TIMEOUT,
cross_origin: None,
top_origin: None,
};

let state_recv = channel.get_ux_update_receiver();
Expand Down Expand Up @@ -175,7 +175,7 @@ async fn run_test_battery(channel: &mut HidChannel<'_>, using_pin: bool) {
user_verification: UserVerificationRequirement::Preferred,
extensions: None,
timeout: TIMEOUT,
cross_origin: None,
top_origin: None,
};

let _response = channel
Expand Down Expand Up @@ -494,7 +494,7 @@ async fn run_success_test(
..Default::default()
}),
timeout: TIMEOUT,
cross_origin: None,
top_origin: None,
};

let response = channel
Expand Down Expand Up @@ -561,7 +561,7 @@ async fn run_failed_test(
..Default::default()
}),
timeout: TIMEOUT,
cross_origin: None,
top_origin: None,
};

let response: Result<(), WebAuthnError> = loop {
Expand Down
3 changes: 2 additions & 1 deletion libwebauthn/Cargo.toml
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -1,7 +1,7 @@
[package]
name = "libwebauthn"
description = "FIDO2 (WebAuthn) and FIDO U2F platform library for Linux written in Rust "
version = "0.3.1"
version = "0.4.0"
authors = ["Alfie Fresta <alfie.fresta@gmail.com>"]
edition = "2021"
license-file = "../COPYING"
Expand Down Expand Up @@ -32,6 +32,7 @@ base64-url = "3.0.0"
dbus = "0.9.5"
tracing = "0.1.29"
idna = "1.0.3"
url = "2.5"
maplit = "1.0.2"
sha2 = "0.10.2"
uuid = { version = "1.5.0", features = ["serde", "v4"] }
Expand Down
2 changes: 1 addition & 1 deletion libwebauthn/examples/prf_test.rs
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -149,7 +149,7 @@ async fn run_success_test(
relying_party_id: "demo.yubico.com".to_owned(),
challenge: Vec::from(challenge),
origin: "demo.yubico.com".to_string(),
cross_origin: None,
top_origin: None,
allow: vec![credential.clone()],
user_verification: UserVerificationRequirement::Preferred,
extensions: Some(GetAssertionRequestExtensions {
Expand Down
4 changes: 2 additions & 2 deletions libwebauthn/examples/webauthn_cable.rs
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -130,7 +130,7 @@ pub async fn main() -> Result<(), Box<dyn Error>> {
let make_credentials_request = MakeCredentialRequest {
challenge: Vec::from(challenge),
origin: "example.org".to_owned(),
cross_origin: None,
top_origin: None,
relying_party: Ctap2PublicKeyCredentialRpEntity::new("example.org", "example.org"),
user: Ctap2PublicKeyCredentialUserEntity::new(&user_id, "mario.rossi", "Mario Rossi"),
resident_key: Some(ResidentKeyRequirement::Discouraged),
Expand Down Expand Up @@ -170,7 +170,7 @@ pub async fn main() -> Result<(), Box<dyn Error>> {
relying_party_id: "example.org".to_owned(),
challenge: Vec::from(challenge),
origin: "example.org".to_string(),
cross_origin: None,
top_origin: None,
allow: vec![credential],
user_verification: UserVerificationRequirement::Discouraged,
extensions: Some(GetAssertionRequestExtensions::default()),
Expand Down
4 changes: 2 additions & 2 deletions libwebauthn/examples/webauthn_extensions_hid.rs
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -109,7 +109,7 @@ pub async fn main() -> Result<(), Box<dyn Error>> {
let make_credentials_request = MakeCredentialRequest {
challenge: Vec::from(challenge),
origin: "example.org".to_owned(),
cross_origin: None,
top_origin: None,
relying_party: Ctap2PublicKeyCredentialRpEntity::new("example.org", "example.org"),
user: Ctap2PublicKeyCredentialUserEntity::new(&user_id, "mario.rossi", "Mario Rossi"),
resident_key: Some(ResidentKeyRequirement::Required),
Expand Down Expand Up @@ -149,7 +149,7 @@ pub async fn main() -> Result<(), Box<dyn Error>> {
relying_party_id: "example.org".to_owned(),
challenge: Vec::from(challenge),
origin: "example.org".to_string(),
cross_origin: None,
top_origin: None,
allow: vec![credential],
user_verification: UserVerificationRequirement::Discouraged,
extensions: Some(GetAssertionRequestExtensions {
Expand Down
4 changes: 2 additions & 2 deletions libwebauthn/examples/webauthn_hid.rs
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -121,7 +121,7 @@ pub async fn main() -> Result<(), Box<dyn Error>> {
let make_credentials_request = MakeCredentialRequest {
challenge: Vec::from(challenge),
origin: "example.org".to_owned(),
cross_origin: None,
top_origin: None,
relying_party: Ctap2PublicKeyCredentialRpEntity::new("example.org", "example.org"),
user: Ctap2PublicKeyCredentialUserEntity::new(&user_id, "mario.rossi", "Mario Rossi"),
resident_key: Some(ResidentKeyRequirement::Discouraged),
Expand Down Expand Up @@ -160,7 +160,7 @@ pub async fn main() -> Result<(), Box<dyn Error>> {
relying_party_id: "example.org".to_owned(),
challenge: Vec::from(challenge),
origin: "example.org".to_string(),
cross_origin: None,
top_origin: None,
allow: vec![credential],
user_verification: UserVerificationRequirement::Discouraged,
extensions: Some(GetAssertionRequestExtensions::default()),
Expand Down
9 changes: 5 additions & 4 deletions libwebauthn/examples/webauthn_json_hid.rs
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -8,7 +8,7 @@ use tokio::sync::broadcast::Receiver;
use tracing_subscriber::{self, EnvFilter};

use libwebauthn::ops::webauthn::{
GetAssertionRequest, JsonFormat, MakeCredentialRequest, RelyingPartyId, WebAuthnIDL as _,
GetAssertionRequest, JsonFormat, MakeCredentialRequest, RequestOrigin, WebAuthnIDL as _,
WebAuthnIDLResponse as _,
};
use libwebauthn::pin::PinRequestReason;
Expand Down Expand Up @@ -79,7 +79,8 @@ pub async fn main() -> Result<(), Box<dyn Error>> {
let mut channel = device.channel().await?;
channel.wink(TIMEOUT).await?;

let rpid = RelyingPartyId("example.org".to_owned());
let request_origin: RequestOrigin =
"https://example.org".try_into().expect("Invalid origin");
let request_json = r#"
{
"rp": {
Expand All @@ -105,7 +106,7 @@ pub async fn main() -> Result<(), Box<dyn Error>> {
}
"#;
let make_credentials_request: MakeCredentialRequest =
MakeCredentialRequest::from_json(&rpid, request_json)
MakeCredentialRequest::from_json(&request_origin, request_json)
.expect("Failed to parse request JSON");
println!(
"WebAuthn MakeCredential request: {:?}",
Expand Down Expand Up @@ -157,7 +158,7 @@ pub async fn main() -> Result<(), Box<dyn Error>> {
}
"#;
let get_assertion: GetAssertionRequest =
GetAssertionRequest::from_json(&rpid, request_json)
GetAssertionRequest::from_json(&request_origin, request_json)
.expect("Failed to parse request JSON");
println!("WebAuthn GetAssertion request: {:?}", get_assertion);

Expand Down
4 changes: 2 additions & 2 deletions libwebauthn/examples/webauthn_nfc.rs
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -122,7 +122,7 @@ pub async fn main() -> Result<(), Box<dyn Error>> {
let make_credentials_request = MakeCredentialRequest {
challenge: Vec::from(challenge),
origin: "example.org".to_owned(),
cross_origin: None,
top_origin: None,
relying_party: Ctap2PublicKeyCredentialRpEntity::new("example.org", "example.org"),
user: Ctap2PublicKeyCredentialUserEntity::new(&user_id, "mario.rossi", "Mario Rossi"),
resident_key: Some(ResidentKeyRequirement::Discouraged),
Expand Down Expand Up @@ -161,7 +161,7 @@ pub async fn main() -> Result<(), Box<dyn Error>> {
relying_party_id: "example.org".to_owned(),
challenge: Vec::from(challenge),
origin: "example.org".to_owned(),
cross_origin: None,
top_origin: None,
allow: vec![credential],
user_verification: UserVerificationRequirement::Discouraged,
extensions: None,
Expand Down
4 changes: 2 additions & 2 deletions libwebauthn/examples/webauthn_preflight_hid.rs
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -164,7 +164,7 @@ async fn make_credential_call(
let make_credentials_request = MakeCredentialRequest {
challenge: Vec::from(challenge),
origin: "example.org".to_owned(),
cross_origin: None,
top_origin: None,
relying_party: Ctap2PublicKeyCredentialRpEntity::new("example.org", "example.org"),
user: Ctap2PublicKeyCredentialUserEntity::new(user_id, "mario.rossi", "Mario Rossi"),
resident_key: Some(ResidentKeyRequirement::Discouraged),
Expand Down Expand Up @@ -203,7 +203,7 @@ async fn get_assertion_call(
relying_party_id: "example.org".to_owned(),
challenge: Vec::from(challenge),
origin: "example.org".to_string(),
cross_origin: None,
top_origin: None,
allow: allow_list,
user_verification: UserVerificationRequirement::Discouraged,
extensions: Some(GetAssertionRequestExtensions::default()),
Expand Down
6 changes: 3 additions & 3 deletions libwebauthn/examples/webauthn_prf_hid.rs
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -103,7 +103,7 @@ pub async fn main() -> Result<(), Box<dyn Error>> {
let make_credentials_request = MakeCredentialRequest {
challenge: Vec::from(challenge),
origin: "example.org".to_owned(),
cross_origin: None,
top_origin: None,
relying_party: Ctap2PublicKeyCredentialRpEntity::new("example.org", "example.org"),
user: Ctap2PublicKeyCredentialUserEntity::new(&user_id, "mario.rossi", "Mario Rossi"),
resident_key: Some(ResidentKeyRequirement::Required),
Expand Down Expand Up @@ -421,7 +421,7 @@ async fn run_success_test(
relying_party_id: "example.org".to_owned(),
challenge: Vec::from(challenge),
origin: "example.org".to_string(),
cross_origin: None,
top_origin: None,
allow: vec![credential.clone()],
user_verification: UserVerificationRequirement::Discouraged,
extensions: Some(GetAssertionRequestExtensions {
Expand Down Expand Up @@ -465,7 +465,7 @@ async fn run_failed_test(
relying_party_id: "example.org".to_owned(),
challenge: Vec::from(challenge),
origin: "example.org".to_string(),
cross_origin: None,
top_origin: None,
allow: credential.map(|x| vec![x.clone()]).unwrap_or_default(),
user_verification: UserVerificationRequirement::Discouraged,
extensions: Some(GetAssertionRequestExtensions {
Expand Down
2 changes: 1 addition & 1 deletion libwebauthn/src/ops/u2f.rs
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -215,7 +215,7 @@ impl UpgradableResponse<GetAssertionResponse, SignRequest> for SignResponse {
relying_party_id: String::new(), // We don't have access to that info here, but we don't need it either
challenge: Vec::new(), // U2F path doesn't use client_data for response serialization
origin: String::new(),
cross_origin: None,
top_origin: None,
allow: vec![Ctap2PublicKeyCredentialDescriptor {
r#type: Ctap2PublicKeyCredentialType::PublicKey,
id: request.key_handle.clone().into(),
Expand Down
Loading
Loading