passwordless-lib · abergs · Nov 17, 2023 · Oct 23, 2023
diff --git a/Src/Fido2/Fido2.cs b/Src/Fido2/Fido2.cs
@@ -58,18 +58,18 @@ public CredentialCreateOptions RequestNewCredential(
     /// Verifies the response from the browser/authenticator after creating new credentials.
     /// </summary>
     /// <param name="attestationResponse">The attestation response from the authenticator.</param>
-    /// <param name="origChallenge">The original options that was sent to the client.</param>
+    /// <param name="originalOptions">The original options that was sent to the client.</param>
     /// <param name="isCredentialIdUniqueToUser">The delegate used to validate that the CredentialID is unique to this user.</param>
     /// <param name="cancellationToken">The <see cref="CancellationToken"/> used to propagate notifications that the operation should be canceled.</param>
     /// <returns></returns>
     public async Task<MakeNewCredentialResult> MakeNewCredentialAsync(
         AuthenticatorAttestationRawResponse attestationResponse,
-        CredentialCreateOptions origChallenge,
+        CredentialCreateOptions originalOptions,
         IsCredentialIdUniqueToUserAsyncDelegate isCredentialIdUniqueToUser,
         CancellationToken cancellationToken = default)
     {
         var parsedResponse = AuthenticatorAttestationResponse.Parse(attestationResponse);
-        var success = await parsedResponse.VerifyAsync(origChallenge, _config, isCredentialIdUniqueToUser, _metadataService, cancellationToken);
+        var success = await parsedResponse.VerifyAsync(originalOptions, _config, isCredentialIdUniqueToUser, _metadataService, cancellationToken);
 
         // todo: Set Errormessage etc.
         return new MakeNewCredentialResult(

diff --git a/Src/Fido2/IFido2.cs b/Src/Fido2/IFido2.cs
@@ -9,8 +9,8 @@ namespace Fido2NetLib;
 public interface IFido2
 {
     AssertionOptions GetAssertionOptions(
-        IEnumerable<PublicKeyCredentialDescriptor> allowedCredentials,
-        UserVerificationRequirement? userVerification,
+        IEnumerable<PublicKeyCredentialDescriptor> allowedCredentials,
+        UserVerificationRequirement? userVerification,
         AuthenticationExtensionsClientInputs? extensions = null);
 
     Task<VerifyAssertionResult> MakeAssertionAsync(
@@ -24,7 +24,7 @@ Task<VerifyAssertionResult> MakeAssertionAsync(
 
     Task<MakeNewCredentialResult> MakeNewCredentialAsync(
         AuthenticatorAttestationRawResponse attestationResponse,
-        CredentialCreateOptions origChallenge,
+        CredentialCreateOptions originalOptions,
         IsCredentialIdUniqueToUserAsyncDelegate isCredentialIdUniqueToUser,
         CancellationToken cancellationToken = default);
 

diff --git a/Test/Attestation/Apple.cs b/Test/Attestation/Apple.cs
@@ -233,7 +233,7 @@ public async Task TestApplePublicKeyMismatch()
             }
         };
 
-        var origChallenge = new CredentialCreateOptions
+        var originalOptions = new CredentialCreateOptions
         {
             Attestation = AttestationConveyancePreference.Direct,
             AuthenticatorSelection = new AuthenticatorSelection
@@ -271,7 +271,7 @@ public async Task TestApplePublicKeyMismatch()
             Origins = new HashSet<string> { "https://www.passwordless.dev" },
         });
 
-        var credentialMakeResult = await lib.MakeNewCredentialAsync(attestationResponse, origChallenge, callback);
+        var credentialMakeResult = await lib.MakeNewCredentialAsync(attestationResponse, originalOptions, callback);
     }
 
     private string[] StackAllocSha256(byte[] authData, byte[] clientDataJson)

diff --git a/Test/AuthenticatorResponse.cs b/Test/AuthenticatorResponse.cs
@@ -87,7 +87,7 @@ public async Task TestAuthenticatorOriginsAsync(string origin, string expectedOr
             },
         };
 
-        var origChallenge = new CredentialCreateOptions
+        var originalOptions = new CredentialCreateOptions
         {
             Attestation = AttestationConveyancePreference.Direct,
             AuthenticatorSelection = new AuthenticatorSelection
@@ -125,7 +125,7 @@ public async Task TestAuthenticatorOriginsAsync(string origin, string expectedOr
             Origins = new HashSet<string> { expectedOrigin },
         });
 
-        var result = await lib.MakeNewCredentialAsync(rawResponse, origChallenge, callback);
+        var result = await lib.MakeNewCredentialAsync(rawResponse, originalOptions, callback);
     }
 
     [Theory]
@@ -190,7 +190,7 @@ public async Task TestAuthenticatorOriginsFail(string origin, string expectedOri
             },
         };
 
-        var origChallenge = new CredentialCreateOptions
+        var originalOptions = new CredentialCreateOptions
         {
             Attestation = AttestationConveyancePreference.Direct,
             AuthenticatorSelection = new AuthenticatorSelection
@@ -228,7 +228,7 @@ public async Task TestAuthenticatorOriginsFail(string origin, string expectedOri
             Origins = new HashSet<string> { expectedOrigin },
         });
 
-        var ex = await Assert.ThrowsAsync<Fido2VerificationException>(() => lib.MakeNewCredentialAsync(rawResponse, origChallenge, callback));
+        var ex = await Assert.ThrowsAsync<Fido2VerificationException>(() => lib.MakeNewCredentialAsync(rawResponse, originalOptions, callback));
         Assert.StartsWith("Fully qualified origin", ex.Message);
     }
 
@@ -401,7 +401,7 @@ public async Task TestAuthenticatorAttestationResponseInvalidType()
             },
         };
 
-        var origChallenge = new CredentialCreateOptions
+        var originalOptions = new CredentialCreateOptions
         {
             Attestation = AttestationConveyancePreference.Direct,
             AuthenticatorSelection = new AuthenticatorSelection
@@ -439,7 +439,7 @@ public async Task TestAuthenticatorAttestationResponseInvalidType()
             Origins = new HashSet<string> { rp },
         });
 
-        var ex = await Assert.ThrowsAsync<Fido2VerificationException>(() => lib.MakeNewCredentialAsync(rawResponse, origChallenge, callback));
+        var ex = await Assert.ThrowsAsync<Fido2VerificationException>(() => lib.MakeNewCredentialAsync(rawResponse, originalOptions, callback));
         Assert.Same(Fido2ErrorMessages.AttestationResponseTypeNotWebAuthnGet, ex.Message);
     }
 
@@ -473,7 +473,7 @@ public async Task TestAuthenticatorAttestationResponseInvalidRawId(byte[] value)
             },
         };
 
-        var origChallenge = new CredentialCreateOptions
+        var originalOptions = new CredentialCreateOptions
         {
             Attestation = AttestationConveyancePreference.Direct,
             AuthenticatorSelection = new AuthenticatorSelection
@@ -511,7 +511,7 @@ public async Task TestAuthenticatorAttestationResponseInvalidRawId(byte[] value)
             Origins = new HashSet<string> { rp },
         });
 
-        var ex = await Assert.ThrowsAsync<Fido2VerificationException>(() => lib.MakeNewCredentialAsync(rawResponse, origChallenge, callback));
+        var ex = await Assert.ThrowsAsync<Fido2VerificationException>(() => lib.MakeNewCredentialAsync(rawResponse, originalOptions, callback));
         Assert.Same(Fido2ErrorMessages.AttestationResponseIdMissing, ex.Message);
     }
 
@@ -543,7 +543,7 @@ public async Task TestAuthenticatorAttestationResponseInvalidRawType()
             },
         };
 
-        var origChallenge = new CredentialCreateOptions
+        var originalOptions = new CredentialCreateOptions
         {
             Attestation = AttestationConveyancePreference.Direct,
             AuthenticatorSelection = new AuthenticatorSelection
@@ -581,7 +581,7 @@ public async Task TestAuthenticatorAttestationResponseInvalidRawType()
             Origins = new HashSet<string> { rp },
         });
 
-        var ex = await Assert.ThrowsAsync<Fido2VerificationException>(() => lib.MakeNewCredentialAsync(rawResponse, origChallenge, callback));
+        var ex = await Assert.ThrowsAsync<Fido2VerificationException>(() => lib.MakeNewCredentialAsync(rawResponse, originalOptions, callback));
         Assert.Equal("AttestationResponse type must be 'public-key'", ex.Message);
     }
 
@@ -620,7 +620,7 @@ public async Task TestAuthenticatorAttestationResponseRpidMismatch()
             },
         };
 
-        var origChallenge = new CredentialCreateOptions
+        var originalOptions = new CredentialCreateOptions
         {
             Attestation = AttestationConveyancePreference.Direct,
             AuthenticatorSelection = new AuthenticatorSelection
@@ -658,7 +658,7 @@ public async Task TestAuthenticatorAttestationResponseRpidMismatch()
             Origins = new HashSet<string> { rp },
         });
 
-        var ex = await Assert.ThrowsAsync<Fido2VerificationException>(() => lib.MakeNewCredentialAsync(rawResponse, origChallenge, callback));
+        var ex = await Assert.ThrowsAsync<Fido2VerificationException>(() => lib.MakeNewCredentialAsync(rawResponse, originalOptions, callback));
         Assert.Equal(Fido2ErrorCode.InvalidRpidHash, ex.Code);
         Assert.Equal(Fido2ErrorMessages.InvalidRpidHash, ex.Message);
     }
@@ -699,7 +699,7 @@ public async Task TestAuthenticatorAttestationResponseNotUserPresentAsync()
             },
         };
 
-        var origChallenge = new CredentialCreateOptions
+        var originalOptions = new CredentialCreateOptions
         {
             Attestation = AttestationConveyancePreference.Direct,
             AuthenticatorSelection = new AuthenticatorSelection
@@ -737,7 +737,7 @@ public async Task TestAuthenticatorAttestationResponseNotUserPresentAsync()
             Origins = new HashSet<string> { rp },
         });
 
-        var ex = await Assert.ThrowsAsync<Fido2VerificationException>(() => lib.MakeNewCredentialAsync(rawResponse, origChallenge, callback));
+        var ex = await Assert.ThrowsAsync<Fido2VerificationException>(() => lib.MakeNewCredentialAsync(rawResponse, originalOptions, callback));
 
         Assert.Equal(Fido2ErrorCode.UserPresentFlagNotSet, ex.Code);
         Assert.Equal(Fido2ErrorMessages.UserPresentFlagNotSet, ex.Message);
@@ -778,7 +778,7 @@ public async Task TestAuthenticatorAttestationResponseBackupEligiblePolicyRequir
             },
         };
 
-        var origChallenge = new CredentialCreateOptions
+        var originalOptions = new CredentialCreateOptions
         {
             Attestation = AttestationConveyancePreference.Direct,
             AuthenticatorSelection = new AuthenticatorSelection
@@ -817,7 +817,7 @@ public async Task TestAuthenticatorAttestationResponseBackupEligiblePolicyRequir
             BackupEligibleCredentialPolicy = Fido2Configuration.CredentialBackupPolicy.Required,
         });
 
-        var ex = await Assert.ThrowsAsync<Fido2VerificationException>(() => lib.MakeNewCredentialAsync(rawResponse, origChallenge, callback));
+        var ex = await Assert.ThrowsAsync<Fido2VerificationException>(() => lib.MakeNewCredentialAsync(rawResponse, originalOptions, callback));
         Assert.Equal(Fido2ErrorMessages.BackupEligibilityRequirementNotMet, ex.Message);
     }
 
@@ -856,7 +856,7 @@ public async Task TestAuthenticatorAttestationResponseBackupEligiblePolicyDisall
             },
         };
 
-        var origChallenge = new CredentialCreateOptions
+        var originalOptions = new CredentialCreateOptions
         {
             Attestation = AttestationConveyancePreference.Direct,
             AuthenticatorSelection = new AuthenticatorSelection
@@ -895,7 +895,7 @@ public async Task TestAuthenticatorAttestationResponseBackupEligiblePolicyDisall
             BackupEligibleCredentialPolicy = Fido2Configuration.CredentialBackupPolicy.Disallowed,
         });
 
-        var ex = await Assert.ThrowsAsync<Fido2VerificationException>(() => lib.MakeNewCredentialAsync(rawResponse, origChallenge, callback));
+        var ex = await Assert.ThrowsAsync<Fido2VerificationException>(() => lib.MakeNewCredentialAsync(rawResponse, originalOptions, callback));
         Assert.Equal(Fido2ErrorMessages.BackupEligibilityRequirementNotMet, ex.Message);
     }
 
@@ -934,7 +934,7 @@ public async Task TestAuthenticatorAttestationResponseNoAttestedCredentialData()
             },
         };
 
-        var origChallenge = new CredentialCreateOptions
+        var originalOptions = new CredentialCreateOptions
         {
             Attestation = AttestationConveyancePreference.Direct,
             AuthenticatorSelection = new AuthenticatorSelection
@@ -972,7 +972,7 @@ public async Task TestAuthenticatorAttestationResponseNoAttestedCredentialData()
             Origins = new HashSet<string> { rp },
         });
 
-        var ex = await Assert.ThrowsAsync<Fido2VerificationException>(() => lib.MakeNewCredentialAsync(rawResponse, origChallenge, callback));
+        var ex = await Assert.ThrowsAsync<Fido2VerificationException>(() => lib.MakeNewCredentialAsync(rawResponse, originalOptions, callback));
         Assert.Equal("Attestation flag not set on attestation data", ex.Message);
     }
 
@@ -1012,7 +1012,7 @@ public async Task TestAuthenticatorAttestationResponseUnknownAttestationType()
             },
         };
 
-        var origChallenge = new CredentialCreateOptions
+        var originalOptions = new CredentialCreateOptions
         {
             Attestation = AttestationConveyancePreference.Direct,
             AuthenticatorSelection = new AuthenticatorSelection
@@ -1050,7 +1050,7 @@ public async Task TestAuthenticatorAttestationResponseUnknownAttestationType()
             Origins = new HashSet<string> { rp },
         });
 
-        var ex = await Assert.ThrowsAsync<Fido2VerificationException>(() => lib.MakeNewCredentialAsync(rawResponse, origChallenge, callback));
+        var ex = await Assert.ThrowsAsync<Fido2VerificationException>(() => lib.MakeNewCredentialAsync(rawResponse, originalOptions, callback));
         Assert.Equal("Unknown attestation type. Was 'testing'", ex.Message);
         Assert.Equal(Fido2ErrorCode.UnknownAttestationType, ex.Code);
     }
@@ -1090,7 +1090,7 @@ public async Task TestAuthenticatorAttestationResponseNotUniqueCredId()
             },
         };
 
-        var origChallenge = new CredentialCreateOptions
+        var originalOptions = new CredentialCreateOptions
         {
             Attestation = AttestationConveyancePreference.Direct,
             AuthenticatorSelection = new AuthenticatorSelection
@@ -1128,7 +1128,7 @@ public async Task TestAuthenticatorAttestationResponseNotUniqueCredId()
             Origins = new HashSet<string> { rp },
         });
 
-        var ex = await Assert.ThrowsAsync<Fido2VerificationException>(() => lib.MakeNewCredentialAsync(rawResponse, origChallenge, callback));
+        var ex = await Assert.ThrowsAsync<Fido2VerificationException>(() => lib.MakeNewCredentialAsync(rawResponse, originalOptions, callback));
         Assert.Equal("CredentialId is not unique to this user", ex.Message);
     }
 
@@ -1167,7 +1167,7 @@ public async Task TestAuthenticatorAttestationResponseUVRequired()
             },
         };
 
-        var origChallenge = new CredentialCreateOptions
+        var originalOptions = new CredentialCreateOptions
         {
             Attestation = AttestationConveyancePreference.Direct,
             AuthenticatorSelection = new AuthenticatorSelection
@@ -1205,7 +1205,7 @@ public async Task TestAuthenticatorAttestationResponseUVRequired()
             Origins = new HashSet<string> { rp },
         });
 
-        var ex = await Assert.ThrowsAsync<Fido2VerificationException>(() => lib.MakeNewCredentialAsync(rawResponse, origChallenge, callback));
+        var ex = await Assert.ThrowsAsync<Fido2VerificationException>(() => lib.MakeNewCredentialAsync(rawResponse, originalOptions, callback));
         Assert.Equal("User Verified flag not set in authenticator data and user verification was required", ex.Message);
     }