Yubico · emlun · Dec 13, 2024 · Dec 12, 2024 · Dec 12, 2024
diff --git a/NEWS b/NEWS
@@ -56,10 +56,8 @@ New features:
 * (Experimental) Added property `RegisteredCredential.transports`.
  ** NOTE: Experimental features may receive breaking changes without a major
     version increase.
-* (Experimental) Added property `credProps.authenticatorDisplayName`.
  ** NOTE: Experimental features may receive breaking changes without a major
     version increase.
-* (Experimental) Added `credProps` extension to assertion extension outputs.
 
 
 == Version 2.5.4 ==

diff --git a/webauthn-server-core/src/main/java/com/yubico/webauthn/AssertionResult.java b/webauthn-server-core/src/main/java/com/yubico/webauthn/AssertionResult.java
@@ -35,7 +35,6 @@
 import com.yubico.webauthn.data.AuthenticatorResponse;
 import com.yubico.webauthn.data.ByteArray;
 import com.yubico.webauthn.data.ClientAssertionExtensionOutputs;
-import com.yubico.webauthn.data.Extensions;
 import com.yubico.webauthn.data.PublicKeyCredential;
 import com.yubico.webauthn.data.PublicKeyCredentialRequestOptions;
 import com.yubico.webauthn.data.UserIdentity;
@@ -282,33 +281,4 @@ public Optional<AuthenticatorAssertionExtensionOutputs> getAuthenticatorExtensio
     return AuthenticatorAssertionExtensionOutputs.fromAuthenticatorData(
         credentialResponse.getResponse().getParsedAuthenticatorData());
   }
-
-  /**
-   * Retrieve a suitable nickname for this credential, if one is available. This MAY differ from
-   * {@link RegistrationResult#getAuthenticatorDisplayName() the value returned during
-   * registration}, if any. In that case the application may want to offer the user to update the
-   * previously stored value, if any.
-   *
-   * <p>This returns the <code>authenticatorDisplayName</code> output from the <a
-   * href="https://w3c.github.io/webauthn/#sctn-authenticator-credential-properties-extension">
-   * <code>credProps</code></a> extension.
-   *
-   * @return A user-chosen or vendor-default display name for the credential, if available.
-   *     Otherwise empty.
-   * @see <a
-   *     href="https://w3c.github.io/webauthn/#dom-credentialpropertiesoutput-authenticatordisplayname">
-   *     <code>authenticatorDisplayName</code> in §10.1.3. Credential Properties Extension
-   *     (credProps)</a>
-   * @see RegistrationResult#getAuthenticatorDisplayName()
-   * @see Extensions.CredentialProperties.CredentialPropertiesOutput#getAuthenticatorDisplayName()
-   * @deprecated EXPERIMENTAL: This feature is from a not yet mature standard; it could change as
-   *     the standard matures.
-   */
-  @JsonIgnore
-  @Deprecated
-  public Optional<String> getAuthenticatorDisplayName() {
-    return getClientExtensionOutputs()
-        .flatMap(outputs -> outputs.getCredProps())
-        .flatMap(credProps -> credProps.getAuthenticatorDisplayName());
-  }
 }
diff --git a/webauthn-server-core/src/main/java/com/yubico/webauthn/AssertionResultV2.java b/webauthn-server-core/src/main/java/com/yubico/webauthn/AssertionResultV2.java
@@ -35,7 +35,6 @@
 import com.yubico.webauthn.data.AuthenticatorResponse;
 import com.yubico.webauthn.data.ByteArray;
 import com.yubico.webauthn.data.ClientAssertionExtensionOutputs;
-import com.yubico.webauthn.data.Extensions;
 import com.yubico.webauthn.data.PublicKeyCredential;
 import java.util.Optional;
 import lombok.AccessLevel;
@@ -244,33 +243,4 @@ public Optional<AuthenticatorAssertionExtensionOutputs> getAuthenticatorExtensio
     return AuthenticatorAssertionExtensionOutputs.fromAuthenticatorData(
         credentialResponse.getResponse().getParsedAuthenticatorData());
   }
-
-  /**
-   * Retrieve a suitable nickname for this credential, if one is available. This MAY differ from
-   * {@link RegistrationResult#getAuthenticatorDisplayName() the value returned during
-   * registration}, if any. In that case the application may want to offer the user to update the
-   * previously stored value, if any.
-   *
-   * <p>This returns the <code>authenticatorDisplayName</code> output from the <a
-   * href="https://w3c.github.io/webauthn/#sctn-authenticator-credential-properties-extension">
-   * <code>credProps</code></a> extension.
-   *
-   * @return A user-chosen or vendor-default display name for the credential, if available.
-   *     Otherwise empty.
-   * @see <a
-   *     href="https://w3c.github.io/webauthn/#dom-credentialpropertiesoutput-authenticatordisplayname">
-   *     <code>authenticatorDisplayName</code> in §10.1.3. Credential Properties Extension
-   *     (credProps)</a>
-   * @see RegistrationResult#getAuthenticatorDisplayName()
-   * @see Extensions.CredentialProperties.CredentialPropertiesOutput#getAuthenticatorDisplayName()
-   * @deprecated EXPERIMENTAL: This feature is from a not yet mature standard; it could change as
-   *     the standard matures.
-   */
-  @JsonIgnore
-  @Deprecated
-  public Optional<String> getAuthenticatorDisplayName() {
-    return getClientExtensionOutputs()
-        .flatMap(outputs -> outputs.getCredProps())
-        .flatMap(credProps -> credProps.getAuthenticatorDisplayName());
-  }
 }
diff --git a/webauthn-server-core/src/main/java/com/yubico/webauthn/RegistrationResult.java b/webauthn-server-core/src/main/java/com/yubico/webauthn/RegistrationResult.java
@@ -39,7 +39,6 @@
 import com.yubico.webauthn.data.AuthenticatorResponse;
 import com.yubico.webauthn.data.ByteArray;
 import com.yubico.webauthn.data.ClientRegistrationExtensionOutputs;
-import com.yubico.webauthn.data.Extensions;
 import com.yubico.webauthn.data.PublicKeyCredential;
 import com.yubico.webauthn.data.PublicKeyCredentialDescriptor;
 import java.io.IOException;
@@ -368,33 +367,6 @@ public Optional<Boolean> isDiscoverable() {
         .flatMap(credProps -> credProps.getRk());
   }
 
-  /**
-   * Retrieve a suitable nickname for this credential, if one is available.
-   *
-   * <p>This returns the <code>authenticatorDisplayName</code> output from the <a
-   * href="https://w3c.github.io/webauthn/#sctn-authenticator-credential-properties-extension">
-   * <code>credProps</code></a> extension.
-   *
-   * @return A user-chosen or vendor-default display name for the credential, if available.
-   *     Otherwise empty.
-   * @see <a
-   *     href="https://w3c.github.io/webauthn/#dom-credentialpropertiesoutput-authenticatordisplayname">
-   *     <code>authenticatorDisplayName</code> in §10.1.3. Credential Properties Extension
-   *     (credProps)</a>
-   * @see AssertionResult#getAuthenticatorDisplayName()
-   * @see AssertionResultV2#getAuthenticatorDisplayName()
-   * @see Extensions.CredentialProperties.CredentialPropertiesOutput#getAuthenticatorDisplayName()
-   * @deprecated EXPERIMENTAL: This feature is from a not yet mature standard; it could change as
-   *     the standard matures.
-   */
-  @JsonIgnore
-  @Deprecated
-  public Optional<String> getAuthenticatorDisplayName() {
-    return getClientExtensionOutputs()
-        .flatMap(outputs -> outputs.getCredProps())
-        .flatMap(credProps -> credProps.getAuthenticatorDisplayName());
-  }
-
   /**
    * The <a
    * href="https://www.w3.org/TR/2021/REC-webauthn-2-20210408/#attestation-trust-path">attestation

diff --git a/...n-server-core/src/main/java/com/yubico/webauthn/data/ClientAssertionExtensionOutputs.java b/...n-server-core/src/main/java/com/yubico/webauthn/data/ClientAssertionExtensionOutputs.java
@@ -64,18 +64,13 @@ public class ClientAssertionExtensionOutputs implements ClientExtensionOutputs {
    */
   private final Boolean appid;
 
-  private final Extensions.CredentialProperties.CredentialPropertiesOutput credProps;
-
   private final Extensions.LargeBlob.LargeBlobAuthenticationOutput largeBlob;
 
   @JsonCreator
   private ClientAssertionExtensionOutputs(
       @JsonProperty("appid") Boolean appid,
-      @JsonProperty("credProps")
-          Extensions.CredentialProperties.CredentialPropertiesOutput credProps,
       @JsonProperty("largeBlob") Extensions.LargeBlob.LargeBlobAuthenticationOutput largeBlob) {
     this.appid = appid;
-    this.credProps = credProps;
     this.largeBlob = largeBlob;
   }
 
@@ -86,9 +81,6 @@ public Set<String> getExtensionIds() {
     if (appid != null) {
       ids.add(Extensions.Appid.EXTENSION_ID);
     }
-    if (credProps != null) {
-      ids.add(Extensions.CredentialProperties.EXTENSION_ID);
-    }
     if (largeBlob != null) {
       ids.add(Extensions.LargeBlob.EXTENSION_ID);
     }
@@ -108,24 +100,6 @@ public Optional<Boolean> getAppid() {
     return Optional.ofNullable(appid);
   }
 
-  /**
-   * The extension output for the Credential Properties Extension (<code>credProps</code>), if any.
-   *
-   * <p>This value MAY be present but have all members empty if the extension was successfully
-   * processed but no credential properties could be determined.
-   *
-   * @see com.yubico.webauthn.data.Extensions.CredentialProperties.CredentialPropertiesOutput
-   * @see <a
-   *     href="https://www.w3.org/TR/2021/REC-webauthn-2-20210408/#sctn-authenticator-credential-properties-extension">§10.4.
-   *     Credential Properties Extension (credProps)</a>
-   * @deprecated EXPERIMENTAL: This feature is from a not yet mature standard; it could change as
-   *     the standard matures.
-   */
-  @Deprecated
-  public Optional<Extensions.CredentialProperties.CredentialPropertiesOutput> getCredProps() {
-    return Optional.ofNullable(credProps);
-  }
-
   /**
    * The extension output for the <a
    * href="https://www.w3.org/TR/2021/REC-webauthn-2-20210408/#sctn-large-blob-extension">Large blob

diff --git a/webauthn-server-core/src/main/java/com/yubico/webauthn/data/Extensions.java b/webauthn-server-core/src/main/java/com/yubico/webauthn/data/Extensions.java
@@ -6,9 +6,6 @@
 import com.fasterxml.jackson.annotation.JsonValue;
 import com.upokecenter.cbor.CBORObject;
 import com.upokecenter.cbor.CBORType;
-import com.yubico.webauthn.AssertionResult;
-import com.yubico.webauthn.AssertionResultV2;
-import com.yubico.webauthn.RegistrationResult;
 import com.yubico.webauthn.StartRegistrationOptions;
 import com.yubico.webauthn.extension.uvm.KeyProtectionType;
 import com.yubico.webauthn.extension.uvm.MatcherProtectionType;
@@ -74,15 +71,9 @@ public static class CredentialPropertiesOutput {
       @JsonProperty("rk")
       private final Boolean rk;
 
-      @JsonProperty("authenticatorDisplayName")
-      private final String authenticatorDisplayName;
-
       @JsonCreator
-      private CredentialPropertiesOutput(
-          @JsonProperty("rk") Boolean rk,
-          @JsonProperty("authenticatorDisplayName") String authenticatorDisplayName) {
+      private CredentialPropertiesOutput(@JsonProperty("rk") Boolean rk) {
         this.rk = rk;
-        this.authenticatorDisplayName = authenticatorDisplayName;
       }
 
       /**
@@ -114,34 +105,6 @@ private CredentialPropertiesOutput(
       public Optional<Boolean> getRk() {
         return Optional.ofNullable(rk);
       }
-
-      /**
-       * This OPTIONAL property is a human-palatable description of the credential's managing
-       * authenticator, chosen by the user.
-       *
-       * <p>If the application supports setting "nicknames" for registered credentials, then this
-       * value may be a suitable default value for such a nickname.
-       *
-       * <p>In an authentication ceremony, if this value is different from the stored nickname, then
-       * the application may want to offer the user to update the stored nickname to match this
-       * value.
-       *
-       * @return A user-chosen or vendor-default display name for the credential, if available.
-       *     Otherwise empty.
-       * @see <a
-       *     href="https://w3c.github.io/webauthn/#dom-credentialpropertiesoutput-authenticatordisplayname">
-       *     <code>authenticatorDisplayName</code> in §10.1.3. Credential Properties Extension
-       *     (credProps)</a>
-       * @see RegistrationResult#getAuthenticatorDisplayName()
-       * @see AssertionResult#getAuthenticatorDisplayName()
-       * @see AssertionResultV2#getAuthenticatorDisplayName()
-       * @deprecated EXPERIMENTAL: This feature is from a not yet mature standard; it could change
-       *     as the standard matures.
-       */
-      @Deprecated
-      public Optional<String> getAuthenticatorDisplayName() {
-        return Optional.ofNullable(authenticatorDisplayName);
-      }
     }
   }
 

diff --git a/webauthn-server-core/src/test/scala/com/yubico/webauthn/RelyingPartyAssertionSpec.scala b/webauthn-server-core/src/test/scala/com/yubico/webauthn/RelyingPartyAssertionSpec.scala
@@ -38,7 +38,6 @@ import com.yubico.webauthn.data.AuthenticatorTransport
 import com.yubico.webauthn.data.ByteArray
 import com.yubico.webauthn.data.ClientAssertionExtensionOutputs
 import com.yubico.webauthn.data.CollectedClientData
-import com.yubico.webauthn.data.Extensions.CredentialProperties.CredentialPropertiesOutput
 import com.yubico.webauthn.data.Extensions.LargeBlob.LargeBlobAuthenticationInput
 import com.yubico.webauthn.data.Extensions.LargeBlob.LargeBlobAuthenticationOutput
 import com.yubico.webauthn.data.Extensions.Uvm.UvmEntry
@@ -2846,55 +2845,6 @@ class RelyingPartyAssertionSpec
               )
             }
           }
-
-          describe("exposes the credProps.authenticatorDisplayName extension output as getAuthenticatorDisplayName()") {
-            val pkcTemplate =
-              TestAuthenticator.createAssertion(
-                challenge =
-                  request.getPublicKeyCredentialRequestOptions.getChallenge,
-                credentialKey = credentialKeypair,
-                credentialId = credential.getId,
-              )
-
-            it("""when set to "hej".""") {
-              val pkc = pkcTemplate.toBuilder
-                .clientExtensionResults(
-                  pkcTemplate.getClientExtensionResults.toBuilder
-                    .credProps(
-                      CredentialPropertiesOutput
-                        .builder()
-                        .authenticatorDisplayName("hej")
-                        .build()
-                    )
-                    .build()
-                )
-                .build()
-              val result = rp.finishAssertion(
-                FinishAssertionOptions
-                  .builder()
-                  .request(request)
-                  .response(pkc)
-                  .build()
-              )
-
-              result.getAuthenticatorDisplayName.toScala should equal(
-                Some("hej")
-              )
-            }
-
-            it("when not available.") {
-              val pkc = pkcTemplate
-              val result = rp.finishAssertion(
-                FinishAssertionOptions
-                  .builder()
-                  .request(request)
-                  .response(pkc)
-                  .build()
-              )
-
-              result.getAuthenticatorDisplayName.toScala should equal(None)
-            }
-          }
         }
       }
     }

diff --git a/webauthn-server-core/src/test/scala/com/yubico/webauthn/RelyingPartyRegistrationSpec.scala b/webauthn-server-core/src/test/scala/com/yubico/webauthn/RelyingPartyRegistrationSpec.scala
@@ -266,7 +266,6 @@ class RelyingPartyRegistrationSpec
                   "org.example.foo": "bar",
                   "credProps": {
                     "rk": false,
-                    "authenticatorDisplayName": "My passkey",
                     "unknownProperty": ["unknown-value"]
                   }
                 }
@@ -4289,51 +4288,6 @@ class RelyingPartyRegistrationSpec
         }
       }
 
-      describe("expose the credProps.authenticatorDisplayName extension output as RegistrationResult.getAuthenticatorDisplayName()") {
-        val testDataBase = RegistrationTestData.Packed.BasicAttestation
-        val testData = testDataBase.copy(requestedExtensions =
-          testDataBase.request.getExtensions.toBuilder.credProps().build()
-        )
-
-        it("""when set to "hej".""") {
-          val result = rp.finishRegistration(
-            FinishRegistrationOptions
-              .builder()
-              .request(testData.request)
-              .response(
-                testData.response.toBuilder
-                  .clientExtensionResults(
-                    ClientRegistrationExtensionOutputs
-                      .builder()
-                      .credProps(
-                        CredentialPropertiesOutput
-                          .builder()
-                          .authenticatorDisplayName("hej")
-                          .build()
-                      )
-                      .build()
-                  )
-                  .build()
-              )
-              .build()
-          )
-
-          result.getAuthenticatorDisplayName.toScala should equal(Some("hej"))
-        }
-
-        it("when not available.") {
-          val result = rp.finishRegistration(
-            FinishRegistrationOptions
-              .builder()
-              .request(testData.request)
-              .response(testData.response)
-              .build()
-          )
-
-          result.getAuthenticatorDisplayName.toScala should equal(None)
-        }
-      }
-
       describe("support the largeBlob extension") {
         it("being enabled at registration time.") {
           val testData = RegistrationTestData.Packed.BasicAttestation