From 1854581e209ad90033ecd5a3228583889f010730 Mon Sep 17 00:00:00 2001
From: joerger
Date: Tue, 22 Oct 2024 13:08:22 -0700
Subject: [PATCH] Use json compatible struct for WebAuthn SessionData.

---
 lib/auth/webauthn/login.go | 6 +++++-
 lib/auth/webauthn/login_test.go | 2 +-
 lib/auth/webauthntypes/webauthn.go | 9 ++++++++-
 3 files changed, 14 insertions(+), 3 deletions(-)

diff --git a/lib/auth/webauthn/login.go b/lib/auth/webauthn/login.go
index 7f668bf974483..df1d0527516cf 100644
--- a/lib/auth/webauthn/login.go
+++ b/lib/auth/webauthn/login.go
@@ -190,7 +190,11 @@ func (f *loginFlow) begin(ctx context.Context, user string, challengeExtensions
 if err != nil {
 return nil, trace.Wrap(err)
 }
- sd.ChallengeExtensions = challengeExtensions
+ sd.ChallengeExtensions = &wantypes.ChallengeExtensions{
+ Scope: challengeExtensions.Scope,
+ AllowReuse: challengeExtensions.AllowReuse,
+ UserVerificationRequirement: challengeExtensions.UserVerificationRequirement,
+ }
 
 if err := f.sessionData.Upsert(ctx, user, sd); err != nil {
 return nil, trace.Wrap(err)
diff --git a/lib/auth/webauthn/login_test.go b/lib/auth/webauthn/login_test.go
index 0d88e6c016948..cab67a920547a 100644
--- a/lib/auth/webauthn/login_test.go
+++ b/lib/auth/webauthn/login_test.go
@@ -441,7 +441,7 @@ func TestPasswordlessFlow_BeginAndFinish(t *testing.T) {
 AllowCredentials: [][]uint8{}, // aka unset
 ResidentKey: false, // irrelevant for login
 UserVerification: string(protocol.VerificationRequired),
- ChallengeExtensions: &mfav1.ChallengeExtensions{
+ ChallengeExtensions: &wantypes.ChallengeExtensions{
 Scope: mfav1.ChallengeScope_CHALLENGE_SCOPE_PASSWORDLESS_LOGIN,
 AllowReuse: mfav1.ChallengeAllowReuse_CHALLENGE_ALLOW_REUSE_NO,
 },
diff --git a/lib/auth/webauthntypes/webauthn.go b/lib/auth/webauthntypes/webauthn.go
index 9931732a84be6..61656f26212ca 100644
--- a/lib/auth/webauthntypes/webauthn.go
+++ b/lib/auth/webauthntypes/webauthn.go
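Review bot: The field-by-field copy on the `+` lines of the login.go hunk dereferences `challengeExtensions` unconditionally, whereas the replaced line only stored the pointer, so a nil value that was previously tolerated at this point would now panic inside `begin` during a WebAuthn login; unless `begin` already rejects nil above the hunk (its signature and start are outside it), a guard such as `if challengeExtensions == nil { return nil, trace.BadParameter("challenge extensions are required") }` belongs before this assignment. Building the mirror struct inline here also means the call site, not the type, decides which extension fields survive persistence; a constructor next to the type (e.g. `wantypes.ChallengeExtensionsFromProto(challengeExtensions)`) would keep that knowledge in one place so a field added to the proto later is not silently dropped from the stored session. The body of `begin` continues past the end of the hunk.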
@@ -405,7 +405,14 @@ type SessionData struct {
 // An empty value is treated equivalently to "discouraged".
 UserVerification string `json:"userVerification,omitempty"`
 // ChallengeExtensions are Teleport extensions that apply to this webauthn session.
- ChallengeExtensions *mfav1.ChallengeExtensions `json:"challenge_extensions,omitempty"`
+ ChallengeExtensions *ChallengeExtensions `json:"challenge_extensions,omitempty"`
+}
+
+// ChallengeExtensions is a json struct for [mfav1.ChallengeExtensions].
+type ChallengeExtensions struct {
+ Scope mfav1.ChallengeScope `json:"scope,omitempty"`
+ AllowReuse mfav1.ChallengeAllowReuse `json:"allow_reuse,omitempty"`
+ UserVerificationRequirement string `json:"user_verification_requirement,omitempty"`
 }
 
 // SessionDataFromProtocol converts a [webauthn.SessionData] struct to an
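Review bot: The new `ChallengeExtensions` type at the end of the hunk is a hand-maintained mirror of `mfav1.ChallengeExtensions`, and nothing in the commit ties the two together, so a field added to the proto later (for example a new restriction on what a challenge may be used for) would silently never reach the persisted session or whatever checks it on the finish side; the doc comment should say so, e.g. `// ChallengeExtensions is a json struct for [mfav1.ChallengeExtensions]. It must be kept in sync field-for-field with the proto message; any field missing here is dropped from persisted session data.` The `omitempty` tags also mean an unspecified (zero) `scope` or `allow_reuse` is stored identically to a session with no extensions at all, so code that reads `SessionData.ChallengeExtensions` back must treat a nil pointer and zero-valued fields the same way, presumably as the most restrictive option rather than a permissive default — worth confirming against the finish path, which is not in this diff. The enclosing `SessionData` struct starts above the hunk.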