shtong / fido2-net-lib Goto Github PK

Public byte array properties should not be used across the board (see CA1819)

As the library's objectives are to manipulate credantials (as opposed to manipulating users directly), we should remove the user class.

Pretty much what the title says. We should not have any editorconfig or FxCop warnings at all in the project.

What the title says.

Could it be possible to add an automated check for that ? (like an FxCop rule ?)

Organize the unit test to follow the 'one test class per tested class' practice.

Because the data classes uses the Json.NET data attributes, library users MUST reference this library, even if they prefer to use System.Text.Json, or even if they do not need serialization at all.

This hard dependency should be removed in favor of an optional component that would configure the models to be used with Json.NET if needed.

Because they have two different purposes, and will probably never be used at the same time, should we have one website for the demo and another for conformance testing, instead of one for both?

An interesting source of ideas for configuration could be the BouncyCastle project

A few things should be fixed about how conditions are written in v1:

• Use non-inverted order
• Use == instead of Equals for strings
• Use implicit boolean comparisons

This will allow to have settings that are put in common between all of the Fido2 libraries.

The settings that could be put in this file are:

• Current API version
• FxCop settings
• Others ?

In some cases, some methods throws Fido2VerificationException, even though the problem is clearly not an error related to the Fido2 verification, but rather a programmer error (such as when a null argument is send).

An example can be found in AuthenticatorAttestationResponse.Parse, which throws Fido2VerificationException instead of NullReferenceException when its argument is null.

It's in the wrong namespace D: