diff --git a/Directory.Build.props b/Directory.Build.props
index f22edd76..f6c346c7 100644
--- a/Directory.Build.props
+++ b/Directory.Build.props
@@ -18,6 +18,12 @@
net6.0
enable
true
+ true
+
+ $(NoWarn);CS1591
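Review bot: Appending CS1591 to `NoWarn` in the shared props file (last added line of this hunk) silences the missing-XML-comment warning for every project that imports it, so new public members can ship undocumented with no build signal. The element names are not visible in this view, so this assumes the added `true` line enables `GenerateDocumentationFile`, which fits the doc-comment fixes in the rest of the commit. For a library whose public surface is WebAuthn attestation and assertion verification, callers rely on those comments to know which inputs they must supply from their own store. Consider limiting the suppression to test and demo projects with a `Condition`, or at least marking it as temporary with a comment such as `<!-- CS1591 suppressed until the public API is fully documented; remove afterwards -->`.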
diff --git a/Src/Fido2.AspNet/Fido2NetLibBuilderExtensions.cs b/Src/Fido2.AspNet/Fido2NetLibBuilderExtensions.cs
index 24c3d897..6107069c 100644
--- a/Src/Fido2.AspNet/Fido2NetLibBuilderExtensions.cs
+++ b/Src/Fido2.AspNet/Fido2NetLibBuilderExtensions.cs
@@ -99,7 +99,7 @@ public interface IFido2MetadataServiceBuilder
public class Fido2NetLibBuilder : IFido2NetLibBuilder, IFido2MetadataServiceBuilder
{
///
- /// Initializes a new instance of the class.
+ /// Initializes a new instance of the class.
///
/// The services.
/// services
diff --git a/Src/Fido2/AuthenticatorAssertionResponse.cs b/Src/Fido2/AuthenticatorAssertionResponse.cs
index 749dab78..c917c4f8 100644
--- a/Src/Fido2/AuthenticatorAssertionResponse.cs
+++ b/Src/Fido2/AuthenticatorAssertionResponse.cs
@@ -46,9 +46,12 @@ public static AuthenticatorAssertionResponse Parse(AuthenticatorAssertionRawResp
/// Implements algorithm from https://www.w3.org/TR/webauthn/#verifying-assertion.
///
/// The original assertion options that was sent to the client.
+ ///
/// The stored public key for this CredentialId.
+ /// The stored device public key for this CredentialId.
/// The stored counter value for this CredentialId
/// A function that returns if user handle is owned by the credential ID.
+ ///
/// The used to propagate notifications that the operation should be canceled.
public async Task VerifyAsync(
AssertionOptions options,
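Review bot: Two of the doc lines added for VerifyAsync, the one right after the options parameter and the one just before the cancellation token, show no description text here. If they are empty `<param>` elements, they stop the CS1573 mismatch warning without telling the caller what to pass. The same pattern appears in the second hunk of this file, in DevicePublicKeyRegistrationAsync in AuthenticatorAttestationResponse.cs, and in RequestNewCredential and GetAssertionOptions in Fido2.cs. On a verification entry point each parameter's description should say where the value has to come from, in the style of the existing "The stored public key for this CredentialId.", for example `/// <param name="PARAM_NAME">What the relying party supplies here, and from which store or configuration.</param>`. The VerifyAsync signature continues outside this hunk, so the parameter names cannot be confirmed from here.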
@@ -186,7 +189,8 @@ public async Task VerifyAsync(
/// verification steps are performed in the context of this step of § 7.2 Verifying an Authentication Assertion using
/// these variables established therein: credential, clientExtensionResults, authData, and hash. Relying Party policy
/// may specify whether a response without a devicePubKey is acceptable.
- ///
+ ///
+ ///
///
///
///
diff --git a/Src/Fido2/AuthenticatorAttestationResponse.cs b/Src/Fido2/AuthenticatorAttestationResponse.cs
index 0aaacb4a..83107de3 100644
--- a/Src/Fido2/AuthenticatorAttestationResponse.cs
+++ b/Src/Fido2/AuthenticatorAttestationResponse.cs
@@ -209,10 +209,13 @@ public async Task VerifyAsync(
/// credential, clientExtensionResults, authData, and hash.
/// Relying Party policy may specify whether a response without a devicePubKey is acceptable.
///
+ ///
+ ///
///
///
///
- ///
+ /// The used to propagate notifications that the operation should be canceled.
+ ///
private async Task DevicePublicKeyRegistrationAsync(
Fido2Configuration config,
IMetadataService? metadataService,
diff --git a/Src/Fido2/Fido2.cs b/Src/Fido2/Fido2.cs
index f04ccd46..df317f9c 100644
--- a/Src/Fido2/Fido2.cs
+++ b/Src/Fido2/Fido2.cs
@@ -8,7 +8,7 @@
namespace Fido2NetLib;
///
-/// Public API for parsing and verifying FIDO2 attestation & assertion responses.
+/// Public API for parsing and verifying FIDO2 attestation and assertion responses.
///
public class Fido2 : IFido2
{
@@ -26,8 +26,10 @@ public Fido2(
///
/// Returns CredentialCreateOptions including a challenge to be sent to the browser/authenticator to create new credentials.
///
- ///
+ ///
/// Recommended. This member is intended for use by Relying Parties that wish to limit the creation of multiple credentials for the same account on a single authenticator. The client is requested to return an error if the new credential would be created on an authenticator that also contains one of the credentials enumerated in this parameter.
+ ///
+ ///
public CredentialCreateOptions RequestNewCredential(
Fido2User user,
IReadOnlyList excludeCredentials,
@@ -39,9 +41,12 @@ public CredentialCreateOptions RequestNewCredential(
///
/// Returns CredentialCreateOptions including a challenge to be sent to the browser/authenticator to create new credentials.
///
- ///
- /// This member is intended for use by Relying Parties that wish to express their preference for attestation conveyance. The default is none.
+ ///
/// Recommended. This member is intended for use by Relying Parties that wish to limit the creation of multiple credentials for the same account on a single authenticator. The client is requested to return an error if the new credential would be created on an authenticator that also contains one of the credentials enumerated in this parameter.
+ ///
+ /// This member is intended for use by Relying Parties that wish to express their preference for attestation conveyance. The default is none.
+ ///
+ ///
public CredentialCreateOptions RequestNewCredential(
Fido2User user,
IReadOnlyList excludeCredentials,
@@ -82,6 +87,9 @@ public async Task MakeNewCredentialAsync(
///
/// Returns AssertionOptions including a challenge to the browser/authenticator to assert existing credentials and authenticate a user.
///
+ ///
+ ///
+ ///
///
public AssertionOptions GetAssertionOptions(
IReadOnlyList allowedCredentials,
diff --git a/Src/Fido2/IMetadataService.cs b/Src/Fido2/IMetadataService.cs
index b720e0c5..7da89878 100644
--- a/Src/Fido2/IMetadataService.cs
+++ b/Src/Fido2/IMetadataService.cs
@@ -10,6 +10,7 @@ public interface IMetadataService
/// Gets the metadata payload entry by a guid asynchronously.
///
/// The Authenticator Attestation GUID.
+ /// The used to propagate notifications that the operation should be canceled.
/// Returns the entry; Otherwise null.
Task GetEntryAsync(Guid aaguid, CancellationToken cancellationToken = default);
diff --git a/Src/Fido2/Objects/AttestedCredentialData.cs b/Src/Fido2/Objects/AttestedCredentialData.cs
index 74dc8941..28f75f7f 100644
--- a/Src/Fido2/Objects/AttestedCredentialData.cs
+++ b/Src/Fido2/Objects/AttestedCredentialData.cs
@@ -10,7 +10,7 @@ public sealed class AttestedCredentialData
{
///
/// Minimum length of the attested credential data structure. AAGUID + credentialID length + credential ID + credential public key.
- ///
+ ///
///
private const int _minLength = 20; // Marshal.SizeOf(typeof(Guid)) + sizeof(ushort) + sizeof(byte) + sizeof(byte)
@@ -34,20 +34,20 @@ public AttestedCredentialData(Guid aaGuid, byte[] credentialId, CredentialPublic
///
/// The AAGUID of the authenticator. Can be used to identify the make and model of the authenticator.
- ///
+ ///
///
public Guid AaGuid { get; }
///
/// A probabilistically-unique byte sequence identifying a public key credential source and its authentication assertions.
- ///
+ ///
///
public byte[] CredentialId { get; }
///
/// The credential public key encoded in COSE_Key format, as defined in
/// Section 7 of RFC8152, using the CTAP2 canonical CBOR encoding form.
- ///
+ ///
///
public CredentialPublicKey CredentialPublicKey { get; }
diff --git a/Src/Fido2/Objects/AuthenticatorData.cs b/Src/Fido2/Objects/AuthenticatorData.cs
index ca3e40f9..82b29e10 100644
--- a/Src/Fido2/Objects/AuthenticatorData.cs
+++ b/Src/Fido2/Objects/AuthenticatorData.cs
@@ -11,7 +11,7 @@ public sealed class AuthenticatorData
{
///
/// Minimum length of the authenticator data structure.
- ///
+ ///
///
internal const int MinLength = SHA256HashLenBytes + sizeof(AuthenticatorFlags) + sizeof(uint);
@@ -55,13 +55,13 @@ public AuthenticatorData(byte[] rpIdHash, AuthenticatorFlags flags, uint signCou
///
/// UserPresent indicates that the user presence test has completed successfully.
- ///
+ ///
///
public bool UserPresent => _flags.HasFlag(AuthenticatorFlags.UP);
///
/// UserVerified indicates that the user verification process has completed successfully.
- ///
+ ///
///
public bool UserVerified => _flags.HasFlag(AuthenticatorFlags.UV);
@@ -70,27 +70,27 @@ public AuthenticatorData(byte[] rpIdHash, AuthenticatorFlags flags, uint signCou
/// Backup eligibility is signaled in authenticator data's flags along with the current backup state.
/// Backup eligibility is a credential property and is permanent for a given public key credential source.
/// A backup eligible public key credential source is referred to as a multi-device credential whereas one that is not backup eligible is referred to as a single-device credential.
- ///
+ ///
///
public bool IsBackupEligible => _flags.HasFlag(AuthenticatorFlags.BE);
///
/// The current backup state of a multi-device credential as determined by the current managing authenticator.
/// Backup state is signaled in authenticator data's flags and can change over time.
- ///
+ ///
///
public bool IsBackedUp => _flags.HasFlag(AuthenticatorFlags.BS);
///
/// HasAttestedCredentialData indicates that the authenticator added attested credential data to the authenticator data.
- ///
+ ///
///
[MemberNotNullWhen(true, nameof(AttestedCredentialData))]
public bool HasAttestedCredentialData => _flags.HasFlag(AuthenticatorFlags.AT);
///
/// HasExtensionsData indicates that the authenticator added extension data to the authenticator data.
- ///
+ ///
///
[MemberNotNullWhen(true, nameof(Extensions))]
public bool HasExtensionsData => _flags.HasFlag(AuthenticatorFlags.ED);
diff --git a/Src/Fido2/Objects/AuthenticatorFlags.cs b/Src/Fido2/Objects/AuthenticatorFlags.cs
index ab26236e..e77e5165 100644
--- a/Src/Fido2/Objects/AuthenticatorFlags.cs
+++ b/Src/Fido2/Objects/AuthenticatorFlags.cs
@@ -4,14 +4,14 @@ namespace Fido2NetLib.Objects;
///
/// Authenticator data flags
-///
+///
///
[Flags]
public enum AuthenticatorFlags : byte
{
///
/// User Present indicates that the user presence test has completed successfully.
- ///
+ ///
///
UP = 0x1,
@@ -22,7 +22,7 @@ public enum AuthenticatorFlags : byte
///
/// User Verified indicates that the user verification process has completed successfully.
- ///
+ ///
///
UV = 0x4,
@@ -31,14 +31,14 @@ public enum AuthenticatorFlags : byte
/// Backup eligibility is signaled in authenticator data's flags along with the current backup state.
/// Backup eligibility is a credential property and is permanent for a given public key credential source.
/// A backup eligible public key credential source is referred to as a multi-device credential whereas one that is not backup eligible is referred to as a single-device credential.
- ///
+ ///
///
BE = 0x8,
///
/// The current backup state of a multi-device credential as determined by the current managing authenticator.
/// Backup state is signaled in authenticator data's flags and can change over time.
- ///
+ ///
///
BS = 0x10,
@@ -49,13 +49,13 @@ public enum AuthenticatorFlags : byte
///
/// Attested credential data included indicates that the authenticator added attested credential data to the authenticator data.
- ///
+ ///
///
AT = 0x40,
///
/// Extension data included indicates that the authenticator added extension data to the authenticator data.
- ///
+ ///
///
ED = 0x80,
}
diff --git a/Src/Fido2/Objects/DevicePublicKeyAuthenticatorOutput.cs b/Src/Fido2/Objects/DevicePublicKeyAuthenticatorOutput.cs
index 4d1487dd..fb00bdd4 100644
--- a/Src/Fido2/Objects/DevicePublicKeyAuthenticatorOutput.cs
+++ b/Src/Fido2/Objects/DevicePublicKeyAuthenticatorOutput.cs
@@ -35,14 +35,14 @@ internal DevicePublicKeyAuthenticatorOutput(CborMap map)
///
/// The AAGUID of the authenticator. Can be used to identify the make and model of the authenticator.
- ///
+ ///
///
public Guid AaGuid { get; }
///
/// The credential public key encoded in COSE_Key format, as defined in
/// Section 7 of RFC8152, using the CTAP2 canonical CBOR encoding form.
- ///
+ ///
///
public CredentialPublicKey DevicePublicKey { get; }
@@ -65,7 +65,7 @@ internal DevicePublicKeyAuthenticatorOutput(CborMap map)
///
/// Attestation statement formats are identified by a string, called an attestation statement format identifier, chosen by the author of the attestation statement format.
- ///
+ ///
///
public string Fmt { get; }
diff --git a/Src/Fido2/Objects/Extensions.cs b/Src/Fido2/Objects/Extensions.cs
index 87abaf24..74e5b402 100644
--- a/Src/Fido2/Objects/Extensions.cs
+++ b/Src/Fido2/Objects/Extensions.cs
@@ -3,7 +3,7 @@
namespace Fido2NetLib.Objects;
///
-///
+///
///
public sealed class Extensions
{