Skip to content

Confusing API: MakeAssertionAsync #518

New issue
New issue
Closed
Closed
Confusing API: MakeAssertionAsync#518
@glatzert

Description

@glatzert
glatzert
opened on Apr 15, 2024

The function

fido2-net-lib/Src/Fido2/IFido2.cs

Line 16 in 9ad038b

Task<VerifyAssertionResult> MakeAssertionAsync(
IFido2.MakeAssertionAsync() returns an instance of VerifyAssertionResult. This leads to questions and some confusion about how to use it:

  1. The return type contains an status and an errorMessage, that is used in the samples like here

    fido2-net-lib/BlazorWasmDemo/Server/Controllers/UserController.cs

    Line 284 in 9ad038b

    if (res.Status is "ok")
    , but will never be anything else then { status = "ok" } and errorMessage = null despite the sample indicating otherwise. MakeAssertionAsync() will always throw on error, which is okay, but should be clearly communicated.
  2. the VerifyAssertionResult.Status property is of type string and is neither populated by an enum nor by an constant, so if that property is relevant, the caller needs to read the code to understand the possible values.

I propose:

  • removing the inheritance of VerifyAssertionResult to Fido2ResponseBase since that brings in the two problematic fields.
  • adding a bool to VerifyAssertionResult indicating successful verification and thus remove all throws and replace it with return VerifiyAssertionResult.Error(string reason) setting that bool to false (or an enum indicating success and failure to make it clearly distinguishable).

If you'd accept the Idea, I'd implement it and provide a PR.

Metadata

Metadata

Assignees

No one assigned

    Labels

    No labels
    No labels

    Type

    No type

    Projects

    No projects

    Milestone

    No milestone

    Relationships

    None yet

    Development

    No branches or pull requests

    Issue actions