FIX Pass AuthenticatorSelectionCriteria as argument to PublicKeyCredentialCreationOptions constructor

[sabina-talipova]

Description

• Webauthn/PublicKeyCredentialCreationOptions requires AuthenticatorSelectionCriteria type as authenticatorSelection argument;
• In "web-auth/webauthn-lib" version 3.3, which we used in CMS 4.13, the second parameter is timeout. See https://github.com/web-auth/webauthn-lib/blob/v3.3/src/PublicKeyCredentialRequestOptions.php
  In version 4.4, which we use in CMS 5, it accepts only one parameter at all. We invoke parent constructor. See https://github.com/web-auth/webauthn-lib/blob/4.4.x/src/PublicKeyCredentialRequestOptions.php
  In version 4.7, the timeout is taken as parameter 5 in constructor. See https://github.com/web-auth/webauthn-lib/blob/4.7.x/src/PublicKeyCredentialRequestOptions.php

Parent issue

• BROKEN BUILDS .github#114

[GuySartorelli]

For future reference, it's a good idea to add more context in your PR description for changes like this. You only mentioned the change for PublicKeyCredentialCreationOptions, not for PublicKeyCredentialRequestOptions - and you linked to code for 4.7.x but didn't mention anything about 4.4.x which is the minimum dependency for this module.

I've investigated a little and found that for PublicKeyCredentialCreationOptions the 4000 argument wasn't being used at all (there was no parameter there in the constructor), and for PublicKeyCredentialRequestOptions we were passing 4000 in where a "challenge" parameter was and still is.

Did you do any investigation into what that 4000 number refers to? I'm hesitant to drop it entirely without understanding what it was intended to do in the first place.

[sabina-talipova]

In "web-auth/webauthn-lib" version 3.3, which we used in CMS 4.13, the second parameter is timeout. See https://github.com/web-auth/webauthn-lib/blob/v3.3/src/PublicKeyCredentialRequestOptions.php
In version 4.4, which we use in CMS 5, it accepts only one parameter at all. We invoke parent constructor. See https://github.com/web-auth/webauthn-lib/blob/4.4.x/src/PublicKeyCredentialRequestOptions.php
In version 4.7, the timeout is taken as parameter 5 in constructor. See https://github.com/web-auth/webauthn-lib/blob/4.7.x/src/PublicKeyCredentialRequestOptions.php
I plan to open a task to update our module, since many methods will be deprecated and not be supported from version 4.7. And also this module were not updated since we used "web-auth/webauthn-lib": 3.3

[sabina-talipova]

Updated.

[sabina-talipova]

We can update them as part of this ticket.

[GuySartorelli]

Looks good. Sorry about the confusion.