Change Id to be received as string instead of decoded

Regenhardt · Regenhardt · commit 61e26940d53b · 2024-12-30T01:14:56.000+01:00
RawId is decoded to the raw byte value, while Id is the same value in base64url-encoded form.
diff --git a/BlazorWasmDemo/Server/Controllers/UserController.cs b/BlazorWasmDemo/Server/Controllers/UserController.cs
@@ -265,7 +265,7 @@ public async Task<string> MakeAssertionAsync([FromBody] AuthenticatorAssertionRa
             _pendingAssertions.Remove(key);
 
             // 2. Get registered credential from database
-            var creds = _demoStorage.GetCredentialById(clientResponse.Id) ?? throw new Exception("Unknown credentials");
+            var creds = _demoStorage.GetCredentialById(clientResponse.RawId) ?? throw new Exception("Unknown credentials");
 
             // 3. Make the assertion
             var res = await _fido2.MakeAssertionAsync(new MakeAssertionParams
diff --git a/Demo/Controller.cs b/Demo/Controller.cs
@@ -194,7 +194,7 @@ public async Task<JsonResult> MakeAssertion([FromBody] AuthenticatorAssertionRaw
             var options = AssertionOptions.FromJson(jsonOptions);
 
             // 2. Get registered credential from database
-            var creds = DemoStorage.GetCredentialById(clientResponse.Id) ?? throw new Exception("Unknown credentials");
+            var creds = DemoStorage.GetCredentialById(clientResponse.RawId) ?? throw new Exception("Unknown credentials");
 
             // 3. Get credential counter from database
             var storedCounter = creds.SignCount;
diff --git a/Demo/TestController.cs b/Demo/TestController.cs
@@ -181,7 +181,7 @@ public async Task<JsonResult> MakeAssertionTestAsync([FromBody] AuthenticatorAss
         var options = AssertionOptions.FromJson(jsonOptions);
 
         // 2. Get registered credential from database
-        var creds = _demoStorage.GetCredentialById(clientResponse.Id);
+        var creds = _demoStorage.GetCredentialById(clientResponse.RawId);
 
         // 3. Get credential counter from database
         var storedCounter = creds.SignCount;
diff --git a/Src/Fido2.Models/AuthenticatorAssertionRawResponse.cs b/Src/Fido2.Models/AuthenticatorAssertionRawResponse.cs
@@ -12,9 +12,8 @@ namespace Fido2NetLib;
 /// </summary>
 public class AuthenticatorAssertionRawResponse
 {
-    [JsonConverter(typeof(Base64UrlConverter))]
     [JsonPropertyName("id"), Required]
-    public byte[] Id { get; init; }
+    public string Id { get; init; }
 
     // might be wrong to base64url encode this...
     [JsonConverter(typeof(Base64UrlConverter))]
diff --git a/Src/Fido2/AuthenticatorAssertionResponse.cs b/Src/Fido2/AuthenticatorAssertionResponse.cs
@@ -77,7 +77,7 @@ public async Task<VerifyAssertionResult> VerifyAsync(
         if (options.AllowCredentials != null && options.AllowCredentials.Any())
         {
             // might need to transform x.Id and raw.id as described in https://www.w3.org/TR/webauthn/#publickeycredential
-            if (!options.AllowCredentials.Any(x => x.Id.SequenceEqual(Raw.Id)))
+            if (!options.AllowCredentials.Any(x => x.Id.SequenceEqual(Raw.RawId)))
                 throw new Fido2VerificationException(Fido2ErrorCode.InvalidAssertionResponse, Fido2ErrorMessages.CredentialIdNotInAllowedCredentials);
         }
 
@@ -87,7 +87,7 @@ public async Task<VerifyAssertionResult> VerifyAsync(
             if (UserHandle.Length is 0)
                 throw new Fido2VerificationException(Fido2ErrorMessages.UserHandleIsEmpty);
 
-            if (await isUserHandleOwnerOfCredId(new IsUserHandleOwnerOfCredentialIdParams(Raw.Id, UserHandle), cancellationToken) is false)
+            if (await isUserHandleOwnerOfCredId(new IsUserHandleOwnerOfCredentialIdParams(Raw.RawId, UserHandle), cancellationToken) is false)
             {
                 throw new Fido2VerificationException(Fido2ErrorCode.InvalidAssertionResponse, Fido2ErrorMessages.UserHandleNotOwnerOfPublicKey);
             }
@@ -177,7 +177,7 @@ public async Task<VerifyAssertionResult> VerifyAsync(
 
         return new VerifyAssertionResult
         {
-            CredentialId = Raw.Id,
+            CredentialId = Raw.RawId,
             SignCount = authData.SignCount,
             IsBackedUp = authData.IsBackedUp
 
diff --git a/Tests/Fido2.Tests/AuthenticatorResponse.cs b/Tests/Fido2.Tests/AuthenticatorResponse.cs
@@ -1275,7 +1275,7 @@ public void TestAuthenticatorAssertionRawResponse()
         {
             Response = assertion,
             Type = PublicKeyCredentialType.PublicKey,
-            Id = [0xf1, 0xd0],
+            Id = "8dA",
             RawId = [0xf1, 0xd0],
             ClientExtensionResults = new AuthenticationExtensionsClientOutputs
             {
@@ -1301,7 +1301,7 @@ public void TestAuthenticatorAssertionRawResponse()
             }
         };
         Assert.Equal(PublicKeyCredentialType.PublicKey, assertionResponse.Type);
-        Assert.Equal([0xf1, 0xd0], assertionResponse.Id);
+        Assert.Equal("8dA", assertionResponse.Id);
         Assert.Equal([0xf1, 0xd0], assertionResponse.RawId);
         Assert.Equal([0xf1, 0xd0], assertionResponse.Response.AuthenticatorData);
         Assert.Equal([0xf1, 0xd0], assertionResponse.Response.Signature);
@@ -1352,7 +1352,7 @@ public async Task TestAuthenticatorAssertionTypeNotPublicKey()
         {
             Response = assertion,
             Type = PublicKeyCredentialType.Invalid,
-            Id = [0xf1, 0xd0],
+            Id = "8dA",
             RawId = [0xf1, 0xd0],
             ClientExtensionResults = new AuthenticationExtensionsClientOutputs
             {
@@ -1504,7 +1504,7 @@ public async Task TestAuthenticatorAssertionRawIdMissing()
         {
             Response = assertion,
             Type = PublicKeyCredentialType.PublicKey,
-            Id = [0xf1, 0xd0],
+            Id = "8dA",
             ClientExtensionResults = new AuthenticationExtensionsClientOutputs()
             {
                 AppID = false,
@@ -1579,7 +1579,7 @@ public async Task TestAuthenticatorAssertionUserHandleEmpty()
         {
             Response = assertion,
             Type = PublicKeyCredentialType.PublicKey,
-            Id = [0xf1, 0xd0],
+            Id = "8dA",
             RawId = [0xf1, 0xd0],
             ClientExtensionResults = new AuthenticationExtensionsClientOutputs()
             {
@@ -1655,7 +1655,7 @@ public async Task TestAuthenticatorAssertionUserHandleNotOwnerOfPublicKey()
         {
             Response = assertion,
             Type = PublicKeyCredentialType.PublicKey,
-            Id = [0xf1, 0xd0],
+            Id = "8dA",
             RawId = [0xf1, 0xd0],
             ClientExtensionResults = new AuthenticationExtensionsClientOutputs()
             {
@@ -1731,7 +1731,7 @@ public async Task TestAuthenticatorAssertionTypeNotWebAuthnGet()
         {
             Response = assertion,
             Type = PublicKeyCredentialType.PublicKey,
-            Id = [0xf1, 0xd0],
+            Id = "8dA",
             RawId = [0xf1, 0xd0],
             ClientExtensionResults = new AuthenticationExtensionsClientOutputs
             {
@@ -1809,7 +1809,7 @@ public async Task TestAuthenticatorAssertionAppId()
         {
             Response = assertion,
             Type = PublicKeyCredentialType.PublicKey,
-            Id = [0xf1, 0xd0],
+            Id = "8dA",
             RawId = [0xf1, 0xd0],
             ClientExtensionResults = new AuthenticationExtensionsClientOutputs()
             {
@@ -1886,7 +1886,7 @@ public async Task TestAuthenticatorAssertionInvalidRpIdHash()
         {
             Response = assertion,
             Type = PublicKeyCredentialType.PublicKey,
-            Id = [0xf1, 0xd0],
+            Id = "8dA",
             RawId = [0xf1, 0xd0],
             ClientExtensionResults = new AuthenticationExtensionsClientOutputs()
             {
@@ -1964,7 +1964,7 @@ public async Task TestAuthenticatorAssertionUPRequirementNotMet()
         {
             Response = assertion,
             Type = PublicKeyCredentialType.PublicKey,
-            Id = [0xf1, 0xd0],
+            Id = "8dA",
             RawId = [0xf1, 0xd0],
             ClientExtensionResults = new AuthenticationExtensionsClientOutputs
             {
@@ -2041,7 +2041,7 @@ public async Task TestAuthenticatorAssertionUVPolicyNotMet()
         {
             Response = assertion,
             Type = PublicKeyCredentialType.PublicKey,
-            Id = [0xf1, 0xd0],
+            Id = "8dA",
             RawId = [0xf1, 0xd0],
             ClientExtensionResults = new AuthenticationExtensionsClientOutputs
             {
@@ -2116,7 +2116,7 @@ public async Task TestAuthenticatorAssertionBEPolicyRequired()
         {
             Response = assertion,
             Type = PublicKeyCredentialType.PublicKey,
-            Id = [0xf1, 0xd0],
+            Id = "8dA",
             RawId = [0xf1, 0xd0],
             ClientExtensionResults = new AuthenticationExtensionsClientOutputs()
             {
@@ -2192,7 +2192,7 @@ public async Task TestAuthenticatorAssertionBEPolicyDisallow()
         {
             Response = assertion,
             Type = PublicKeyCredentialType.PublicKey,
-            Id = [0xf1, 0xd0],
+            Id = "8dA",
             RawId = [0xf1, 0xd0],
             ClientExtensionResults = new AuthenticationExtensionsClientOutputs
             {
@@ -2268,7 +2268,7 @@ public async Task TestAuthenticatorAssertionBSPolicyRequired()
         {
             Response = assertion,
             Type = PublicKeyCredentialType.PublicKey,
-            Id = [0xf1, 0xd0],
+            Id = "8dA",
             RawId = [0xf1, 0xd0],
             ClientExtensionResults = new AuthenticationExtensionsClientOutputs
             {
@@ -2344,7 +2344,7 @@ public async Task TestAuthenticatorAssertionBSPolicyDisallow()
         {
             Response = assertion,
             Type = PublicKeyCredentialType.PublicKey,
-            Id = [0xf1, 0xd0],
+            Id = "8dA",
             RawId = [0xf1, 0xd0],
             ClientExtensionResults = new AuthenticationExtensionsClientOutputs
             {
@@ -2421,7 +2421,7 @@ public async Task TestAuthenticatorAssertionStoredPublicKeyMissing()
         {
             Response = assertion,
             Type = PublicKeyCredentialType.PublicKey,
-            Id = [0xf1, 0xd0],
+            Id = "8dA",
             RawId = [0xf1, 0xd0],
             ClientExtensionResults = new AuthenticationExtensionsClientOutputs()
             {
@@ -2497,7 +2497,7 @@ public async Task TestAuthenticatorAssertionInvalidSignature()
         {
             Response = assertion,
             Type = PublicKeyCredentialType.PublicKey,
-            Id = [0xf1, 0xd0],
+            Id = "8dA",
             RawId = [0xf1, 0xd0],
             ClientExtensionResults = new AuthenticationExtensionsClientOutputs()
             {
@@ -2580,7 +2580,7 @@ public async Task TestAuthenticatorAssertionSignCountSignature()
         {
             Response = assertion,
             Type = PublicKeyCredentialType.PublicKey,
-            Id = [0xf1, 0xd0],
+            Id = "8dA",
             RawId = [0xf1, 0xd0],
             ClientExtensionResults = new AuthenticationExtensionsClientOutputs()
             {
diff --git a/Tests/Fido2.Tests/ExistingU2fRegistrationDataTests.cs b/Tests/Fido2.Tests/ExistingU2fRegistrationDataTests.cs
@@ -14,7 +14,8 @@ public async Task TestFido2AssertionWithExistingU2fRegistrationWithAppId()
     {
         // u2f registration with appId
         var appId = "https://localhost:44336";
-        var keyHandleData = Base64Url.DecodeFromChars("2uzGTqu9XGoDQpRBhkv3qDYWzEEZrDjOHT94fHe3J9VXl6KpaY6jL1C4gCAVSBCWZejOn-EYSyXfiG7RDQqgKw");
+        var keyHandleB64Data = "2uzGTqu9XGoDQpRBhkv3qDYWzEEZrDjOHT94fHe3J9VXl6KpaY6jL1C4gCAVSBCWZejOn-EYSyXfiG7RDQqgKw";
+        var keyHandleData = Base64Url.DecodeFromChars(keyHandleB64Data);
         var publicKeyData = Base64Url.DecodeFromChars("BEKJkJiDzo8wlrYbAHmyz5a5vShbkStO58ZO7F-hy4fvBp6TowCZoV2dNGcxIN1yT18799bb_WuP0Yq_DSv5a-U");
 
         //key as cbor
@@ -36,7 +37,7 @@ public async Task TestFido2AssertionWithExistingU2fRegistrationWithAppId()
 
         var authResponse = new AuthenticatorAssertionRawResponse
         {
-            Id = keyHandleData,
+            Id = keyHandleB64Data,
             RawId = keyHandleData,
             Type = PublicKeyCredentialType.PublicKey,
             ClientExtensionResults = new AuthenticationExtensionsClientOutputs
diff --git a/Tests/Fido2.Tests/Fido2Tests.cs b/Tests/Fido2.Tests/Fido2Tests.cs
@@ -987,7 +987,7 @@ internal static async Task<VerifyAssertionResult> MakeAssertionResponseAsync(
         {
             Response = assertion,
             Type = PublicKeyCredentialType.PublicKey,
-            Id = [0xf1, 0xd0],
+            Id = "8dA",
             RawId = [0xf1, 0xd0],
         };
         IsUserHandleOwnerOfCredentialIdAsync callback = (args, cancellationToken) =>

Original file line number	Diff line number	Diff line change
`@@ -77,7 +77,7 @@ public async Task<VerifyAssertionResult> VerifyAsync(`
`77`	`77`	`if (options.AllowCredentials != null && options.AllowCredentials.Any())`
`78`	`78`	`{`
`79`	`79`	`// might need to transform x.Id and raw.id as described in https://www.w3.org/TR/webauthn/#publickeycredential`
`80`		`- if (!options.AllowCredentials.Any(x => x.Id.SequenceEqual(Raw.Id)))`
	`80`	`+ if (!options.AllowCredentials.Any(x => x.Id.SequenceEqual(Raw.RawId)))`
`81`	`81`	`throw new Fido2VerificationException(Fido2ErrorCode.InvalidAssertionResponse, Fido2ErrorMessages.CredentialIdNotInAllowedCredentials);`
`82`	`82`	`}`
`83`	`83`
`@@ -87,7 +87,7 @@ public async Task<VerifyAssertionResult> VerifyAsync(`
`87`	`87`	`if (UserHandle.Length is 0)`
`88`	`88`	`throw new Fido2VerificationException(Fido2ErrorMessages.UserHandleIsEmpty);`
`89`	`89`
`90`		`- if (await isUserHandleOwnerOfCredId(new IsUserHandleOwnerOfCredentialIdParams(Raw.Id, UserHandle), cancellationToken) is false)`
	`90`	`+ if (await isUserHandleOwnerOfCredId(new IsUserHandleOwnerOfCredentialIdParams(Raw.RawId, UserHandle), cancellationToken) is false)`
`91`	`91`	`{`
`92`	`92`	`throw new Fido2VerificationException(Fido2ErrorCode.InvalidAssertionResponse, Fido2ErrorMessages.UserHandleNotOwnerOfPublicKey);`
`93`	`93`	`}`
`@@ -177,7 +177,7 @@ public async Task<VerifyAssertionResult> VerifyAsync(`
`177`	`177`
`178`	`178`	`return new VerifyAssertionResult`
`179`	`179`	`{`
`180`		`- CredentialId = Raw.Id,`
	`180`	`+ CredentialId = Raw.RawId,`
`181`	`181`	`SignCount = authData.SignCount,`
`182`	`182`	`IsBackedUp = authData.IsBackedUp`
`183`	`183`
Original file line number	Diff line number	Diff line change
`@@ -1275,7 +1275,7 @@ public void TestAuthenticatorAssertionRawResponse()`
`1275`	`1275`	`{`
`1276`	`1276`	`Response = assertion,`
`1277`	`1277`	`Type = PublicKeyCredentialType.PublicKey,`
`1278`		`- Id = [0xf1, 0xd0],`
	`1278`	`+ Id = "8dA",`
`1279`	`1279`	`RawId = [0xf1, 0xd0],`
`1280`	`1280`	`ClientExtensionResults = new AuthenticationExtensionsClientOutputs`
`1281`	`1281`	`{`
`@@ -1301,7 +1301,7 @@ public void TestAuthenticatorAssertionRawResponse()`
`1301`	`1301`	`}`
`1302`	`1302`	`};`
`1303`	`1303`	`Assert.Equal(PublicKeyCredentialType.PublicKey, assertionResponse.Type);`
`1304`		`- Assert.Equal([0xf1, 0xd0], assertionResponse.Id);`
	`1304`	`+ Assert.Equal("8dA", assertionResponse.Id);`
`1305`	`1305`	`Assert.Equal([0xf1, 0xd0], assertionResponse.RawId);`
`1306`	`1306`	`Assert.Equal([0xf1, 0xd0], assertionResponse.Response.AuthenticatorData);`
`1307`	`1307`	`Assert.Equal([0xf1, 0xd0], assertionResponse.Response.Signature);`
`@@ -1352,7 +1352,7 @@ public async Task TestAuthenticatorAssertionTypeNotPublicKey()`
`1352`	`1352`	`{`
`1353`	`1353`	`Response = assertion,`
`1354`	`1354`	`Type = PublicKeyCredentialType.Invalid,`
`1355`		`- Id = [0xf1, 0xd0],`
	`1355`	`+ Id = "8dA",`
`1356`	`1356`	`RawId = [0xf1, 0xd0],`
`1357`	`1357`	`ClientExtensionResults = new AuthenticationExtensionsClientOutputs`
`1358`	`1358`	`{`
`@@ -1504,7 +1504,7 @@ public async Task TestAuthenticatorAssertionRawIdMissing()`
`1504`	`1504`	`{`
`1505`	`1505`	`Response = assertion,`
`1506`	`1506`	`Type = PublicKeyCredentialType.PublicKey,`
`1507`		`- Id = [0xf1, 0xd0],`
	`1507`	`+ Id = "8dA",`
`1508`	`1508`	`ClientExtensionResults = new AuthenticationExtensionsClientOutputs()`
`1509`	`1509`	`{`
`1510`	`1510`	`AppID = false,`
`@@ -1579,7 +1579,7 @@ public async Task TestAuthenticatorAssertionUserHandleEmpty()`
`1579`	`1579`	`{`
`1580`	`1580`	`Response = assertion,`
`1581`	`1581`	`Type = PublicKeyCredentialType.PublicKey,`
`1582`		`- Id = [0xf1, 0xd0],`
	`1582`	`+ Id = "8dA",`
`1583`	`1583`	`RawId = [0xf1, 0xd0],`
`1584`	`1584`	`ClientExtensionResults = new AuthenticationExtensionsClientOutputs()`
`1585`	`1585`	`{`
`@@ -1655,7 +1655,7 @@ public async Task TestAuthenticatorAssertionUserHandleNotOwnerOfPublicKey()`
`1655`	`1655`	`{`
`1656`	`1656`	`Response = assertion,`
`1657`	`1657`	`Type = PublicKeyCredentialType.PublicKey,`
`1658`		`- Id = [0xf1, 0xd0],`
	`1658`	`+ Id = "8dA",`
`1659`	`1659`	`RawId = [0xf1, 0xd0],`
`1660`	`1660`	`ClientExtensionResults = new AuthenticationExtensionsClientOutputs()`
`1661`	`1661`	`{`
`@@ -1731,7 +1731,7 @@ public async Task TestAuthenticatorAssertionTypeNotWebAuthnGet()`
`1731`	`1731`	`{`
`1732`	`1732`	`Response = assertion,`
`1733`	`1733`	`Type = PublicKeyCredentialType.PublicKey,`
`1734`		`- Id = [0xf1, 0xd0],`
	`1734`	`+ Id = "8dA",`
`1735`	`1735`	`RawId = [0xf1, 0xd0],`
`1736`	`1736`	`ClientExtensionResults = new AuthenticationExtensionsClientOutputs`
`1737`	`1737`	`{`
`@@ -1809,7 +1809,7 @@ public async Task TestAuthenticatorAssertionAppId()`
`1809`	`1809`	`{`
`1810`	`1810`	`Response = assertion,`
`1811`	`1811`	`Type = PublicKeyCredentialType.PublicKey,`
`1812`		`- Id = [0xf1, 0xd0],`
	`1812`	`+ Id = "8dA",`
`1813`	`1813`	`RawId = [0xf1, 0xd0],`
`1814`	`1814`	`ClientExtensionResults = new AuthenticationExtensionsClientOutputs()`
`1815`	`1815`	`{`
`@@ -1886,7 +1886,7 @@ public async Task TestAuthenticatorAssertionInvalidRpIdHash()`
`1886`	`1886`	`{`
`1887`	`1887`	`Response = assertion,`
`1888`	`1888`	`Type = PublicKeyCredentialType.PublicKey,`
`1889`		`- Id = [0xf1, 0xd0],`
	`1889`	`+ Id = "8dA",`
`1890`	`1890`	`RawId = [0xf1, 0xd0],`
`1891`	`1891`	`ClientExtensionResults = new AuthenticationExtensionsClientOutputs()`
`1892`	`1892`	`{`
`@@ -1964,7 +1964,7 @@ public async Task TestAuthenticatorAssertionUPRequirementNotMet()`
`1964`	`1964`	`{`
`1965`	`1965`	`Response = assertion,`
`1966`	`1966`	`Type = PublicKeyCredentialType.PublicKey,`
`1967`		`- Id = [0xf1, 0xd0],`
	`1967`	`+ Id = "8dA",`
`1968`	`1968`	`RawId = [0xf1, 0xd0],`
`1969`	`1969`	`ClientExtensionResults = new AuthenticationExtensionsClientOutputs`
`1970`	`1970`	`{`
`@@ -2041,7 +2041,7 @@ public async Task TestAuthenticatorAssertionUVPolicyNotMet()`
`2041`	`2041`	`{`
`2042`	`2042`	`Response = assertion,`
`2043`	`2043`	`Type = PublicKeyCredentialType.PublicKey,`
`2044`		`- Id = [0xf1, 0xd0],`
	`2044`	`+ Id = "8dA",`
`2045`	`2045`	`RawId = [0xf1, 0xd0],`
`2046`	`2046`	`ClientExtensionResults = new AuthenticationExtensionsClientOutputs`
`2047`	`2047`	`{`
`@@ -2116,7 +2116,7 @@ public async Task TestAuthenticatorAssertionBEPolicyRequired()`
`2116`	`2116`	`{`
`2117`	`2117`	`Response = assertion,`
`2118`	`2118`	`Type = PublicKeyCredentialType.PublicKey,`
`2119`		`- Id = [0xf1, 0xd0],`
	`2119`	`+ Id = "8dA",`
`2120`	`2120`	`RawId = [0xf1, 0xd0],`
`2121`	`2121`	`ClientExtensionResults = new AuthenticationExtensionsClientOutputs()`
`2122`	`2122`	`{`
`@@ -2192,7 +2192,7 @@ public async Task TestAuthenticatorAssertionBEPolicyDisallow()`
`2192`	`2192`	`{`
`2193`	`2193`	`Response = assertion,`
`2194`	`2194`	`Type = PublicKeyCredentialType.PublicKey,`
`2195`		`- Id = [0xf1, 0xd0],`
	`2195`	`+ Id = "8dA",`
`2196`	`2196`	`RawId = [0xf1, 0xd0],`
`2197`	`2197`	`ClientExtensionResults = new AuthenticationExtensionsClientOutputs`
`2198`	`2198`	`{`
`@@ -2268,7 +2268,7 @@ public async Task TestAuthenticatorAssertionBSPolicyRequired()`
`2268`	`2268`	`{`
`2269`	`2269`	`Response = assertion,`
`2270`	`2270`	`Type = PublicKeyCredentialType.PublicKey,`
`2271`		`- Id = [0xf1, 0xd0],`
	`2271`	`+ Id = "8dA",`
`2272`	`2272`	`RawId = [0xf1, 0xd0],`
`2273`	`2273`	`ClientExtensionResults = new AuthenticationExtensionsClientOutputs`
`2274`	`2274`	`{`
`@@ -2344,7 +2344,7 @@ public async Task TestAuthenticatorAssertionBSPolicyDisallow()`
`2344`	`2344`	`{`
`2345`	`2345`	`Response = assertion,`
`2346`	`2346`	`Type = PublicKeyCredentialType.PublicKey,`
`2347`		`- Id = [0xf1, 0xd0],`
	`2347`	`+ Id = "8dA",`
`2348`	`2348`	`RawId = [0xf1, 0xd0],`
`2349`	`2349`	`ClientExtensionResults = new AuthenticationExtensionsClientOutputs`
`2350`	`2350`	`{`
`@@ -2421,7 +2421,7 @@ public async Task TestAuthenticatorAssertionStoredPublicKeyMissing()`
`2421`	`2421`	`{`
`2422`	`2422`	`Response = assertion,`
`2423`	`2423`	`Type = PublicKeyCredentialType.PublicKey,`
`2424`		`- Id = [0xf1, 0xd0],`
	`2424`	`+ Id = "8dA",`
`2425`	`2425`	`RawId = [0xf1, 0xd0],`
`2426`	`2426`	`ClientExtensionResults = new AuthenticationExtensionsClientOutputs()`
`2427`	`2427`	`{`
`@@ -2497,7 +2497,7 @@ public async Task TestAuthenticatorAssertionInvalidSignature()`
`2497`	`2497`	`{`
`2498`	`2498`	`Response = assertion,`
`2499`	`2499`	`Type = PublicKeyCredentialType.PublicKey,`
`2500`		`- Id = [0xf1, 0xd0],`
	`2500`	`+ Id = "8dA",`
`2501`	`2501`	`RawId = [0xf1, 0xd0],`
`2502`	`2502`	`ClientExtensionResults = new AuthenticationExtensionsClientOutputs()`
`2503`	`2503`	`{`
`@@ -2580,7 +2580,7 @@ public async Task TestAuthenticatorAssertionSignCountSignature()`
`2580`	`2580`	`{`
`2581`	`2581`	`Response = assertion,`
`2582`	`2582`	`Type = PublicKeyCredentialType.PublicKey,`
`2583`		`- Id = [0xf1, 0xd0],`
	`2583`	`+ Id = "8dA",`
`2584`	`2584`	`RawId = [0xf1, 0xd0],`
`2585`	`2585`	`ClientExtensionResults = new AuthenticationExtensionsClientOutputs()`
`2586`	`2586`	`{`
Original file line number	Diff line number	Diff line change
`@@ -987,7 +987,7 @@ internal static async Task<VerifyAssertionResult> MakeAssertionResponseAsync(`
`987`	`987`	`{`
`988`	`988`	`Response = assertion,`
`989`	`989`	`Type = PublicKeyCredentialType.PublicKey,`
`990`		`- Id = [0xf1, 0xd0],`
	`990`	`+ Id = "8dA",`
`991`	`991`	`RawId = [0xf1, 0xd0],`
`992`	`992`	`};`
`993`	`993`	`IsUserHandleOwnerOfCredentialIdAsync callback = (args, cancellationToken) =>`