Update AttestationVerifier api to Async by iamcarbon · Pull Request #458 · passwordless-lib/fido2-net-lib · GitHub

@iamcarbon iamcarbon commented Nov 6, 2023

In preparation to utilize the preferred Microsoft.IdentityModel.JsonWebTokens async API, this PR updates the methods that will need to also be made async.

This PR contains the following changes:

  • Replaces a named tuple with a dedicated VerifyAttestationResult type
  • Updates the AttestationVerifier.Verify methods to Async

Span<byte> appIdHash = stackalloc byte[32];
SHA256.HashData(appId, appIdHash);
if (!appIdHash.SequenceEqual(request.AuthData.RpIdHash))
byte[] appIdHash = SHA256.HashData(appId);
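Review bot: the replacement line `byte[] appIdHash = SHA256.HashData(appId);` carries no comment saying why the `stackalloc byte[32]` buffer was dropped, so it reads as a regression and invites a later change back to the span version. If the reason is the async conversion, say so in a one-line comment next to the array, or keep the stack buffer by moving the hash and the `SequenceEqual` check against `request.AuthData.RpIdHash` into a small synchronous helper that the async method calls.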
Contributor

I'm not sure I understand this change. Why not continue to hash into a stackalloc byte[32] directly instead of allocating a byte array?

Contributor Author

ref structs (including Spans) aren't allowed inside of an async block.

iamcarbon commented Nov 6, 2023

@abergs @aseigler Ready for review / feedback.

@joegoldman2 joegoldman2 left a comment

LGTM

abergs commented Nov 10, 2023

In preparation to utilize the preferred Microsoft.IdentityModel.JsonWebTokens async API, this PR updates the methods that will need to also be made async.

I'm not familiar, could you help explain to me why our methods would need to be made async?

iamcarbon commented Nov 13, 2023

Hey @abergs The new Microsoft.IdentityModel.JsonWebTokens obsoleted the synchronous API used to validate JSON web tokens, and replaced it with an async API.

Here's the new method we'll need to use to swap out the library.

https://learn.microsoft.com/en-us/dotnet/api/microsoft.identitymodel.jsonwebtokens.jsonwebtokenhandler.validatetokenasync?view=msal-web-dotnet-latest#microsoft-identitymodel-jsonwebtokens-jsonwebtokenhandler-validatetokenasync(microsoft-identitymodel-tokens-securitytoken-microsoft-identitymodel-tokens-tokenvalidationparameters)

The main benefits of switching to the new library are:

  • It provides a simpler non-throwing API
  • Improved performance (and way less allocations)
  • Is fully trimmable [important for AOT builds]
  • Is actively developed / maintained
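An added example, not code from this PR or from fido2-net-lib, showing how the non-throwing `ValidateTokenAsync` result described above has to be checked by the caller. The class and helper names, issuer value, keys and token are constructed for illustration.

```csharp
#nullable enable
using System;
using System.Security.Cryptography;
using System.Threading.Tasks;
using Microsoft.IdentityModel.JsonWebTokens;
using Microsoft.IdentityModel.Tokens;

public static class JwtValidationExample
{
    // Hypothetical helper: returns the validated token, or null when validation fails.
    public static async Task<JsonWebToken?> ValidateAsync(string jwt, SecurityKey key, string issuer)
    {
        var parameters = new TokenValidationParameters
        {
            ValidIssuer = issuer,
            IssuerSigningKey = key,
            ValidateAudience = false, // the constructed sample token has no audience
        };

        TokenValidationResult result =
            await new JsonWebTokenHandler().ValidateTokenAsync(jwt, parameters);

        // Nothing is thrown for a bad token: failure shows up only in
        // IsValid / Exception, so a caller that skips this check fails open.
        if (!result.IsValid)
        {
            Console.Error.WriteLine($"rejected: {result.Exception?.GetType().Name}");
            return null;
        }
        return (JsonWebToken)result.SecurityToken;
    }

    public static async Task Main()
    {
        const string issuer = "https://issuer.example"; // constructed value
        // Constructed sample keys and token, for illustration only.
        var signingKey = new SymmetricSecurityKey(RandomNumberGenerator.GetBytes(32));
        var otherKey = new SymmetricSecurityKey(RandomNumberGenerator.GetBytes(32));
        string jwt = new JsonWebTokenHandler().CreateToken(new SecurityTokenDescriptor
        {
            Issuer = issuer,
            Expires = DateTime.UtcNow.AddMinutes(5),
            SigningCredentials = new SigningCredentials(signingKey, SecurityAlgorithms.HmacSha256),
        });

        Console.WriteLine((await ValidateAsync(jwt, signingKey, issuer)) is not null); // right key
        Console.WriteLine((await ValidateAsync(jwt, otherKey, issuer)) is not null);   // wrong key
    }
}
```

Because the result type replaces exceptions, every call site converted from the synchronous API needs an explicit `IsValid` check where a `try`/`catch` used to be.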

abergs commented Nov 17, 2023

Thanks for explaining @iamcarbon, I didn't catch that this was related to our calls to JwtSecurityTokenHandler.

Everything looks good, just some conflicts to resolve.

@iamcarbon
Contributor Author

@abergs Resolved.

@abergs abergs merged commit 99dc99c into passwordless-lib:master Dec 22, 2023