Skip to content

feat: add webauthn signal api serializers #720

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Open
wants to merge 2 commits into
base: 5.3.x
Choose a base branch
from
Open

feat: add webauthn signal api serializers #720

wants to merge 2 commits into from

Conversation

joostdebruijn
Copy link
Contributor

Target branch: 5.3.x
Resolves issue: n/a

  • It is a Bug fix
  • It is a New feature
  • Breaks BC
  • Includes Deprecations

The WebAuthn Signal API is a new extension to WebAuthn that allows servers and clients to exchange additional “signal” data in a privacy-preserving way, enabling scenarios such as passkey upgrade flows, security key cross-device operations, seamless migration, and more. See the W3C explainer and Chrome Developer Docs.

This pull request introduces new denormalizers and corresponding signal classes to support WebAuthn serialization for the Signal API. These changes handle three signals: AllAcceptedCredentials, CurrentUserDetails, and UnknownCredential.

@joostdebruijn
Copy link
Contributor Author

I'm not sure what to do with the failing checks, because some checks are failing on files I didn't touch.

@Spomky Spomky added the enhancement New feature or request label May 26, 2025
@Spomky Spomky added this to the 5.3.0 milestone May 26, 2025
@Spomky
Copy link
Contributor

Spomky commented May 26, 2025

Hi,

Many thanks. I was not aware of these signals. I read the documentation carefully and it looks really interesting.

I will investigate the failing tests.

@Spomky Spomky self-assigned this Jun 13, 2025
@Spomky Spomky force-pushed the feat-add-webauthn-signal-api branch from a8d3e78 to 28f2c06 Compare June 13, 2025 08:58
@Spomky
Add signal classes and denormalizers for WebAuthn events
6cb08b5 
Introduced `Signal` interface along with three implementations: `AllAcceptedCredentials`, `CurrentUserDetails`, and `UnknownCredential`. Added corresponding denormalizers to handle serialization and deserialization of these events, updating `WebauthnSerializerFactory` to register them. Extended `SerializerTest` to validate proper functionality with new test cases.
@Spomky Spomky force-pushed the feat-add-webauthn-signal-api branch from 28f2c06 to 6cb08b5 Compare June 13, 2025 09:28
@Spomky
Update PHPStan baseline with new rules for Signal denormalizers
f9733fc 
Expanded the PHPStan baseline to include new warnings related to type handling and offset accessibility in Signal denormalizers (`SignalAllAcceptedCredentialsDenormalizer`, `SignalCurrentUserDetailsDenormalizer`, and `SignalUnknownCredentialDenormalizer`), ensuring accurate tracking of static analysis issues.
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers
No reviews
Assignees

@Spomky Spomky

Labels
enhancement New feature or request
Projects
None yet
Milestone
5.3.0
Development

Successfully merging this pull request may close these issues.
2 participants
@joostdebruijn @Spomky