Describe the bug
When following the steps described in the documentation, the credential registration fails with the following exception:
java.lang.IllegalArgumentException: Cannot convert unknown credential type org.springframework.security.web.webauthn.api.PublicKeyCredentialType@4cfbb790 to webauthn4j
Expected behavior The problem seems to originate from this line. The debugger indicates that the type of the request I generate is indeed "public-key", but as the two object instances are different this test fails. The error message could be clearer by referencing the value of the PublicKeyCredentialType object
Comment From: ngocnhan-tran1996
Could you please provide a sample?
Comment From: ltanguy
Update: Simple app reproducing the issue.
This bug is triggered in my setup by the fact that the session is stored in database through spring session.
The following code makes the assumption that PublicKeyCrendentialType is an enum (which it is not):
if (parameter.getType() != PublicKeyCredentialType.PUBLIC_KEY) {
This test should be based on .equals().
This problem was not directly triggered in simple applications as we only rely on one single instance of PublicKeyCredentialType.
With Spring Session JDBC, the HTTP session is constructed for each request and thus uses new instances of this object, making this test fail.
Comment From: ltanguy
As a side note, PublicKeyCredentialCreationOptions is not declared as Serializable (contrary to the other classes in this package). This makes this authentication method not compatible with a vanilla Spring Session installation that relies on the default Java object serializer.
Comment From: re1709
Finding the same issue regarding PublicKeyCredentialCreationOptions not being serializable as @Itang
We are also using Spring Session JDBC, but haven't got as far as seeing the parameter type check issue (halted by the serialization issue) but likely would see that next.
Is there any update on this and the PR being reviewed? WebAuthN is not currently usable with Spring JDBC Session.