Directory.Build.props

@@ -7,6 +7,7 @@
     <Description>FIDO2 .NET library (WebAuthn)</Description>
     <RepositoryUrl>https://github.com/passwordless-lib/fido2-net-lib</RepositoryUrl>
     <RepositoryType>git</RepositoryType>
+    <PublishRepositoryUrl>true</PublishRepositoryUrl>
     <PackageTags>fido2 webauthn</PackageTags>
     <PackageReleaseNotes>Initial release</PackageReleaseNotes>
     <PackageProjectUrl>https://github.com/passwordless-lib/fido2-net-lib</PackageProjectUrl>
@@ -15,9 +16,15 @@
 
   <!-- Global Variables -->
   <PropertyGroup>
-    <SupportedTargetFrameworks>net6.0</SupportedTargetFrameworks>
+    <SupportedTargetFrameworks>net8.0</SupportedTargetFrameworks>
     <ImplicitUsings>enable</ImplicitUsings>
     <TreatWarningsAsErrors>true</TreatWarningsAsErrors>
+    <GenerateDocumentationFile>true</GenerateDocumentationFile>
+    <!-- 
+      Temporary disabling of CS1591 (Missing XML comment for publicly visible type or member) warning
+      Make sure to re-enable it when https://github.com/passwordless-lib/fido2-net-lib/issues/501 is resolved.
+    -->
+    <NoWarn>$(NoWarn);CS1591</NoWarn>
   </PropertyGroup>
 
   <!-- Language + Compiler Settings-->

Src/Directory.Build.props

@@ -2,12 +2,9 @@
 <Project>
   <Import Project="..\Directory.Build.props"/>
 
-  <!-- SourceLink Support-->
   <PropertyGroup Condition="$(IS_DOCKER) == ''">
+    <!-- Include PDB in the NuGet package -->
     <AllowedOutputExtensionsInPackageBuildOutputFolder>$(AllowedOutputExtensionsInPackageBuildOutputFolder);.pdb</AllowedOutputExtensionsInPackageBuildOutputFolder>
-    <PublishRepositoryUrl>true</PublishRepositoryUrl>
   </PropertyGroup>
-  <ItemGroup Condition="$(IS_DOCKER) == ''">
-    <PackageReference Include="Microsoft.SourceLink.GitHub" Version="1.1.1" PrivateAssets="All" />
-  </ItemGroup>  
+
 </Project>

Src/Fido2.AspNet/Fido2NetLibBuilderExtensions.cs

@@ -23,7 +23,7 @@ public static IFido2NetLibBuilder AddFido2(this IServiceCollection services, ICo
 
     private static void AddServices(this IServiceCollection services)
     {
-        services.AddTransient<IFido2, Fido2>();
+        services.AddScoped<IFido2, Fido2>();
         services.AddSingleton<IMetadataService, NullMetadataService>(); //Default implementation if we choose not to enable MDS
         services.TryAddSingleton<ISystemClock, SystemClock>();
     }
@@ -42,14 +42,14 @@ public static IFido2NetLibBuilder AddFido2(this IServiceCollection services, Act
 
     public static void AddCachedMetadataService(this IFido2NetLibBuilder builder, Action<IFido2MetadataServiceBuilder> configAction)
     {
-        builder.AddMetadataService<DistributedCacheMetadataService>();
+        builder.Services.AddScoped<IMetadataService, DistributedCacheMetadataService>();
 
         configAction(new Fido2NetLibBuilder(builder.Services));
     }
 
     public static IFido2MetadataServiceBuilder AddFileSystemMetadataRepository(this IFido2MetadataServiceBuilder builder, string directoryPath)
     {
-        builder.Services.AddTransient<IMetadataRepository, FileSystemMetadataRepository>(r =>
+        builder.Services.AddScoped<IMetadataRepository, FileSystemMetadataRepository>(provider =>
         {
             return new FileSystemMetadataRepository(directoryPath);
         });
@@ -62,7 +62,7 @@ public static IFido2MetadataServiceBuilder AddConformanceMetadataRepository(
         HttpClient client = null,
         string origin = "")
     {
-        builder.Services.AddTransient<IMetadataRepository>(provider =>
+        builder.Services.AddScoped<IMetadataRepository>(provider =>
         {
             return new ConformanceMetadataRepository(client, origin);
         });
@@ -80,15 +80,10 @@ public static IFido2MetadataServiceBuilder AddFidoMetadataRepository(this IFido2
         if (clientBuilder != null)
             clientBuilder(httpClientBuilder);
 
-        builder.Services.AddTransient<IMetadataRepository, Fido2MetadataServiceRepository>();
+        builder.Services.AddScoped<IMetadataRepository, Fido2MetadataServiceRepository>();
 
         return builder;
     }
-
-    private static void AddMetadataService<TService>(this IFido2NetLibBuilder builder) where TService : class, IMetadataService
-    {
-        builder.Services.AddScoped<IMetadataService, TService>();
-    }
 }
 
 public interface IFido2NetLibBuilder
@@ -104,7 +99,7 @@ public interface IFido2MetadataServiceBuilder
 public class Fido2NetLibBuilder : IFido2NetLibBuilder, IFido2MetadataServiceBuilder
 {
     /// <summary>
-    /// Initializes a new instance of the <see cref="IdentityServerBuilder"/> class.
+    /// Initializes a new instance of the <see cref="Fido2NetLibBuilder"/> class.
     /// </summary>
     /// <param name="services">The services.</param>
     /// <exception cref="System.ArgumentNullException">services</exception>

Src/Fido2.BlazorWebAssembly/Fido2.BlazorWebAssembly.csproj

@@ -1,7 +1,7 @@
 <Project Sdk="Microsoft.NET.Sdk.Razor">
 
   <PropertyGroup>
-    <TargetFrameworks>net8.0</TargetFrameworks>
+    <TargetFrameworks>$(SupportedTargetFrameworks)</TargetFrameworks>
     <RootNamespace>Fido2NetLib</RootNamespace>
     <GenerateDocumentationFile>true</GenerateDocumentationFile>
     <Nullable>enable</Nullable>

Src/Fido2.Ctap2/Commands/AuthenticatorClientPinCommand.cs

@@ -3,62 +3,51 @@
 
 namespace Fido2NetLib.Ctap2;
 
-public sealed class AuthenticatorClientPinCommand : CtapCommand
+public sealed class AuthenticatorClientPinCommand(
+    uint pinProtocol,
+    AuthenticatorClientPinSubCommand subCommand,
+    CredentialPublicKey? keyAgreement = null,
+    byte[]? pinAuth = null,
+    byte[]? newPinEnc = null,
+    byte[]? pinHashEnc = null) : CtapCommand
 {
-    public AuthenticatorClientPinCommand(
-        uint pinProtocol,
-        AuthenticatorClientPinSubCommand subCommand,
-        CredentialPublicKey? keyAgreement = null,
-        byte[]? pinAuth = null,
-        byte[]? newPinEnc = null,
-        byte[]? pinHashEnc = null)
-    {
-
-        PinProtocol = pinProtocol;
-        SubCommand = subCommand;
-        KeyAgreement = keyAgreement;
-        PinAuth = pinAuth;
-        NewPinEnc = newPinEnc;
-        PinHashEnc = pinHashEnc;
-    }
-
     /// <summary>
     /// Required PIN protocol version chosen by the client.
     /// </summary>
     [CborMember(0x01)]
-    public uint PinProtocol { get; }
+    public uint PinProtocol { get; } = pinProtocol;
 
     /// <summary>
     /// The authenticator Client PIN sub command currently being requested.
     /// </summary>
     [CborMember(0x02)]
-    public AuthenticatorClientPinSubCommand SubCommand { get; }
+    public AuthenticatorClientPinSubCommand SubCommand { get; } = subCommand;
 
     /// <summary>
     /// Public key of platformKeyAgreementKey.
     /// The COSE_Key-encoded public key MUST contain the optional "alg" parameter and MUST NOT contain any other optional parameters.
     /// The "alg" parameter MUST contain a COSEAlgorithmIdentifier value.
     /// </summary>
     [CborMember(0x03)]
-    public CredentialPublicKey? KeyAgreement { get; }
+    public CredentialPublicKey? KeyAgreement { get; } = keyAgreement;
 
     /// <summary>
     /// First 16 bytes of HMAC-SHA-256 of encrypted contents using sharedSecret.
     /// </summary>
     [CborMember(0x04)]
-    public byte[]? PinAuth { get; }
+    public byte[]? PinAuth { get; } = pinAuth;
 
     /// <summary>
     /// Encrypted new PIN using sharedSecret.
     /// </summary>
     [CborMember(0x05)]
-    public byte[]? NewPinEnc { get; }
+    public byte[]? NewPinEnc { get; } = newPinEnc;
 
     /// <summary>
     /// Encrypted first 16 bytes of SHA-256 of PIN using sharedSecret.
     /// </summary>
     [CborMember(0x06)]
-    public byte[]? PinHashEnc { get; }
+    public byte[]? PinHashEnc { get; } = pinHashEnc;
 
     public override CtapCommandType Type => CtapCommandType.AuthenticatorClientPin;
 

Src/Fido2.Models/AuthenticatorAssertionRawResponse.cs

@@ -54,9 +54,5 @@ public sealed class AssertionResponse
         [JsonPropertyName("userHandle")]
         [JsonConverter(typeof(Base64UrlConverter))]
         public byte[]? UserHandle { get; set; }
-
-        [JsonPropertyName("attestationObject")]
-        [JsonConverter(typeof(Base64UrlConverter))]
-        public byte[]? AttestationObject { get; set; }
     }
 }

Src/Fido2.Models/CredentialCreateOptions.cs

@@ -59,7 +59,7 @@ public sealed class CredentialCreateOptions : Fido2ResponseBase
     /// This member is intended for use by Relying Parties that wish to limit the creation of multiple credentials for the same account on a single authenticator.The client is requested to return an error if the new credential would be created on an authenticator that also contains one of the credentials enumerated in this parameter.
     /// </summary>
     [JsonPropertyName("excludeCredentials")]
-    public IReadOnlyList<PublicKeyCredentialDescriptor> ExcludeCredentials { get; set; } = Array.Empty<PublicKeyCredentialDescriptor>();
+    public IReadOnlyList<PublicKeyCredentialDescriptor> ExcludeCredentials { get; set; } = [];
 
     /// <summary>
     /// This OPTIONAL member contains additional parameters requesting additional processing by the client and authenticator. For example, if transaction confirmation is sought from the user, then the prompt string might be included as an extension.
@@ -85,8 +85,8 @@ public static CredentialCreateOptions Create(
             Rp = new PublicKeyCredentialRpEntity(config.ServerDomain, config.ServerName, config.ServerIcon),
             Timeout = config.Timeout,
             User = user,
-            PubKeyCredParams = new List<PubKeyCredParam>(10)
-            {
+            PubKeyCredParams =
+            [
                 // Add additional as appropriate
                 PubKeyCredParam.Ed25519,
                 PubKeyCredParam.ES256,
@@ -98,7 +98,7 @@ public static CredentialCreateOptions Create(
                 PubKeyCredParam.ES512,
                 PubKeyCredParam.RS512,
                 PubKeyCredParam.PS512,
-            },
+            ],
             AuthenticatorSelection = authenticatorSelection,
             Attestation = attestationConveyancePreference,
             ExcludeCredentials = excludeCredentials,
@@ -119,29 +119,25 @@ public static CredentialCreateOptions FromJson(string json)
 
 #nullable enable
 
-public sealed class PubKeyCredParam
+/// <summary>
+/// Constructs a PubKeyCredParam instance
+/// </summary>
+[method: JsonConstructor]
+public sealed class PubKeyCredParam(
+    COSE.Algorithm alg,
+    PublicKeyCredentialType type = PublicKeyCredentialType.PublicKey)
 {
-    /// <summary>
-    /// Constructs a PubKeyCredParam instance
-    /// </summary>
-    [JsonConstructor]
-    public PubKeyCredParam(COSE.Algorithm alg, PublicKeyCredentialType type = PublicKeyCredentialType.PublicKey)
-    {
-        Type = type;
-        Alg = alg;
-    }
-
     /// <summary>
     /// The type member specifies the type of credential to be created.
     /// </summary>
     [JsonPropertyName("type")]
-    public PublicKeyCredentialType Type { get; }
+    public PublicKeyCredentialType Type { get; } = type;
 
     /// <summary>
     /// The alg member specifies the cryptographic signature algorithm with which the newly generated credential will be used, and thus also the type of asymmetric key pair to be generated, e.g., RSA or Elliptic Curve.
     /// </summary>
     [JsonPropertyName("alg")]
-    public COSE.Algorithm Alg { get; }
+    public COSE.Algorithm Alg { get; } = alg;
 
     public static readonly PubKeyCredParam ES256 = new(COSE.Algorithm.ES256); // External authenticators support the ES256 algorithm
     public static readonly PubKeyCredParam ES384 = new(COSE.Algorithm.ES384);
@@ -158,31 +154,28 @@ public PubKeyCredParam(COSE.Algorithm alg, PublicKeyCredentialType type = Public
 /// <summary>
 /// PublicKeyCredentialRpEntity 
 /// </summary>
-public sealed class PublicKeyCredentialRpEntity
+public sealed class PublicKeyCredentialRpEntity(
+    string id,
+    string name,
+    string? icon = null)
 {
-    public PublicKeyCredentialRpEntity(string id, string name, string? icon = null)
-    {
-        Name = name;
-        Id = id;
-        Icon = icon;
-    }
-
     /// <summary>
     /// A unique identifier for the Relying Party entity, which sets the RP ID.
     /// </summary>
     [JsonPropertyName("id")]
-    public string Id { get; set; }
+    public string Id { get; set; } = id;
 
     /// <summary>
     /// A human-readable name for the entity. Its function depends on what the PublicKeyCredentialEntity represents:
     /// </summary>
     [JsonPropertyName("name")]
-    public string Name { get; set; }
+    public string Name { get; set; } = name;
 
     [JsonPropertyName("icon")]
     [JsonIgnore(Condition = JsonIgnoreCondition.WhenWritingNull)]
-    public string? Icon { get; set; }
+    public string? Icon { get; set; } = icon;
 }
+
 #nullable disable
 
 /// <summary>

Src/Fido2.Models/Fido2Configuration.cs

@@ -52,10 +52,7 @@ public IReadOnlySet<string> Origins
     {
         get
         {
-            if (_origins == null)
-            {
-                _origins = new HashSet<string>(0);
-            }
+            _origins ??= new HashSet<string>(0);
 
             return _origins;
         }
@@ -91,14 +88,14 @@ public IReadOnlySet<string> FullyQualifiedOrigins
     /// <summary>
     /// List of metadata statuses for an authenticator that should cause attestations to be rejected.
     /// </summary>
-    public AuthenticatorStatus[] UndesiredAuthenticatorMetadataStatuses { get; set; } = new AuthenticatorStatus[]
-    {
+    public AuthenticatorStatus[] UndesiredAuthenticatorMetadataStatuses { get; set; } =
+    [
         AuthenticatorStatus.ATTESTATION_KEY_COMPROMISE,
         AuthenticatorStatus.USER_VERIFICATION_BYPASS,
         AuthenticatorStatus.USER_KEY_REMOTE_COMPROMISE,
         AuthenticatorStatus.USER_KEY_PHYSICAL_COMPROMISE,
         AuthenticatorStatus.REVOKED
-    };
+    ];
 
     /// <summary>
     /// Whether or not to accept a backup eligible credential

Src/Fido2.Models/Metadata/AuthenticatorStatus.cs

@@ -8,7 +8,7 @@ namespace Fido2NetLib;
 /// <remarks>
 /// <see href="https://fidoalliance.org/specs/fido-v2.0-rd-20180702/fido-metadata-service-v2.0-rd-20180702.html#authenticatorstatus-enum"/>
 /// </remarks>
-[JsonConverter(typeof(JsonStringEnumConverter))]
+[JsonConverter(typeof(JsonStringEnumConverter<AuthenticatorStatus>))]
 public enum AuthenticatorStatus
 {
     /// <summary>

Src/Fido2.Models/Objects/AuthenticationExtensionsDevicePublicKeyOutputs.cs

@@ -4,20 +4,16 @@ namespace Fido2NetLib.Objects;
 
 using System.Text.Json.Serialization;
 
-public sealed class AuthenticationExtensionsDevicePublicKeyOutputs
+[method: JsonConstructor]
+public sealed class AuthenticationExtensionsDevicePublicKeyOutputs(
+    byte[] authenticatorOutput,
+    byte[] signature)
 {
-    [JsonConstructor]
-    public AuthenticationExtensionsDevicePublicKeyOutputs(byte[] authenticatorOutput, byte[] signature)
-    {
-        AuthenticatorOutput = authenticatorOutput;
-        Signature = signature;
-    }
-
     [JsonConverter(typeof(Base64UrlConverter))]
     [JsonPropertyName("authenticatorOutput")]
-    public byte[] AuthenticatorOutput { get; }
+    public byte[] AuthenticatorOutput { get; } = authenticatorOutput;
 
     [JsonConverter(typeof(Base64UrlConverter))]
     [JsonPropertyName("signature")]
-    public byte[] Signature { get; }
+    public byte[] Signature { get; } = signature;
 }

Src/Fido2.Models/UndesiredMetadataStatusFido2VerificationException.cs

@@ -3,15 +3,11 @@
 /// <summary>
 /// Exception thrown when a new attestation comes from an authenticator with a current reported security issue.
 /// </summary>
-public class UndesiredMetadataStatusFido2VerificationException : Fido2VerificationException
+public class UndesiredMetadataStatusFido2VerificationException(StatusReport statusReport)
+    : Fido2VerificationException($"Authenticator found with undesirable status. Was {statusReport.Status}")
 {
-    public UndesiredMetadataStatusFido2VerificationException(StatusReport statusReport) : base($"Authenticator found with undesirable status. Was {statusReport.Status}")
-    {
-        StatusReport = statusReport;
-    }
-
     /// <summary>
     /// Status report from the authenticator that caused the attestation to be rejected.
     /// </summary>
-    public StatusReport StatusReport { get; }
+    public StatusReport StatusReport { get; } = statusReport;
 }