List<PublicKeyCredentialDescriptor>/IEnumerable<PublicKeyCredentialDescriptor> to IReadOnlyList<PublicKeyCredentialDescriptor> (#447)

* Change excludeCredentials from List<PublicKeyCredentialDescriptor> to IEnumerable<PublicKeyCredentialDescriptor>

* Use Any() instead of Count()

* Remove unnecessary ToList()

* Fix README.md

* IEnumerable -> IReadOnlyList

* Revert README.md

* Apply suggestions from review.

---------

Co-authored-by: Anders Åberg <anders@andersaberg.com>

Author: joegoldman2

Src/Fido2.Models/AssertionOptions.cs

@@ -36,7 +36,7 @@ public class AssertionOptions : Fido2ResponseBase
     /// This OPTIONAL member contains a list of PublicKeyCredentialDescriptor objects representing public key credentials acceptable to the caller, in descending order of the caller’s preference(the first item in the list is the most preferred credential, and so on down the list)
     /// </summary>
     [JsonPropertyName("allowCredentials")]
-    public IEnumerable<PublicKeyCredentialDescriptor> AllowCredentials { get; set; }
+    public IReadOnlyList<PublicKeyCredentialDescriptor> AllowCredentials { get; set; } = Array.Empty<PublicKeyCredentialDescriptor>();
 
     /// <summary>
     /// This member describes the Relying Party's requirements regarding user verification for the get() operation. Eligible authenticators are filtered to only those capable of satisfying this requirement
@@ -51,7 +51,12 @@ public class AssertionOptions : Fido2ResponseBase
     [JsonIgnore(Condition = JsonIgnoreCondition.WhenWritingNull)]
     public AuthenticationExtensionsClientInputs Extensions { get; set; }
 
-    public static AssertionOptions Create(Fido2Configuration config, byte[] challenge, IEnumerable<PublicKeyCredentialDescriptor> allowedCredentials, UserVerificationRequirement? userVerification, AuthenticationExtensionsClientInputs extensions)
+    public static AssertionOptions Create(
+        Fido2Configuration config,
+        byte[] challenge,
+        IReadOnlyList<PublicKeyCredentialDescriptor> allowedCredentials,
+        UserVerificationRequirement? userVerification,
+        AuthenticationExtensionsClientInputs extensions)
     {
         return new AssertionOptions()
         {
@@ -60,7 +65,7 @@ public static AssertionOptions Create(Fido2Configuration config, byte[] challeng
             Challenge = challenge,
             Timeout = config.Timeout,
             RpId = config.ServerDomain,
-            AllowCredentials = allowedCredentials ?? Array.Empty<PublicKeyCredentialDescriptor>(),
+            AllowCredentials = allowedCredentials,
             UserVerification = userVerification,
             Extensions = extensions
         };

Src/Fido2.Models/CredentialCreateOptions.cs

@@ -61,7 +61,7 @@ public sealed class CredentialCreateOptions : Fido2ResponseBase
     /// This member is intended for use by Relying Parties that wish to limit the creation of multiple credentials for the same account on a single authenticator.The client is requested to return an error if the new credential would be created on an authenticator that also contains one of the credentials enumerated in this parameter.
     /// </summary>
     [JsonPropertyName("excludeCredentials")]
-    public List<PublicKeyCredentialDescriptor> ExcludeCredentials { get; set; }
+    public IReadOnlyList<PublicKeyCredentialDescriptor> ExcludeCredentials { get; set; } = Array.Empty<PublicKeyCredentialDescriptor>();
 
     /// <summary>
     /// This OPTIONAL member contains additional parameters requesting additional processing by the client and authenticator. For example, if transaction confirmation is sought from the user, then the prompt string might be included as an extension.
@@ -70,7 +70,14 @@ public sealed class CredentialCreateOptions : Fido2ResponseBase
     [JsonIgnore(Condition = JsonIgnoreCondition.WhenWritingNull)]
     public AuthenticationExtensionsClientInputs Extensions { get; set; }
 
-    public static CredentialCreateOptions Create(Fido2Configuration config, byte[] challenge, Fido2User user, AuthenticatorSelection authenticatorSelection, AttestationConveyancePreference attestationConveyancePreference, List<PublicKeyCredentialDescriptor> excludeCredentials, AuthenticationExtensionsClientInputs extensions)
+    public static CredentialCreateOptions Create(
+        Fido2Configuration config,
+        byte[] challenge,
+        Fido2User user,
+        AuthenticatorSelection authenticatorSelection,
+        AttestationConveyancePreference attestationConveyancePreference,
+        IReadOnlyList<PublicKeyCredentialDescriptor> excludeCredentials,
+        AuthenticationExtensionsClientInputs extensions)
     {
         return new CredentialCreateOptions
         {
@@ -96,7 +103,7 @@ public static CredentialCreateOptions Create(Fido2Configuration config, byte[] c
             },
             AuthenticatorSelection = authenticatorSelection,
             Attestation = attestationConveyancePreference,
-            ExcludeCredentials = excludeCredentials ?? new List<PublicKeyCredentialDescriptor>(),
+            ExcludeCredentials = excludeCredentials,
             Extensions = extensions
         };
     }

Src/Fido2/Fido2.cs

@@ -30,7 +30,7 @@ public Fido2(
     /// <param name="excludeCredentials">Recommended. This member is intended for use by Relying Parties that wish to limit the creation of multiple credentials for the same account on a single authenticator. The client is requested to return an error if the new credential would be created on an authenticator that also contains one of the credentials enumerated in this parameter.</param>
     public CredentialCreateOptions RequestNewCredential(
         Fido2User user,
-        List<PublicKeyCredentialDescriptor> excludeCredentials,
+        IReadOnlyList<PublicKeyCredentialDescriptor> excludeCredentials,
         AuthenticationExtensionsClientInputs? extensions = null)
     {
         return RequestNewCredential(user, excludeCredentials, AuthenticatorSelection.Default, AttestationConveyancePreference.None, extensions);
@@ -44,7 +44,7 @@ public CredentialCreateOptions RequestNewCredential(
     /// <param name="excludeCredentials">Recommended. This member is intended for use by Relying Parties that wish to limit the creation of multiple credentials for the same account on a single authenticator. The client is requested to return an error if the new credential would be created on an authenticator that also contains one of the credentials enumerated in this parameter.</param>
     public CredentialCreateOptions RequestNewCredential(
         Fido2User user,
-        List<PublicKeyCredentialDescriptor> excludeCredentials,
+        IReadOnlyList<PublicKeyCredentialDescriptor> excludeCredentials,
         AuthenticatorSelection authenticatorSelection,
         AttestationConveyancePreference attestationPreference,
         AuthenticationExtensionsClientInputs? extensions = null)
@@ -84,7 +84,7 @@ public async Task<MakeNewCredentialResult> MakeNewCredentialAsync(
     /// </summary>
     /// <returns></returns>
     public AssertionOptions GetAssertionOptions(
-        IEnumerable<PublicKeyCredentialDescriptor> allowedCredentials,
+        IReadOnlyList<PublicKeyCredentialDescriptor> allowedCredentials,
         UserVerificationRequirement? userVerification,
         AuthenticationExtensionsClientInputs? extensions = null)
     {

Src/Fido2/IFido2.cs

@@ -9,7 +9,7 @@ namespace Fido2NetLib;
 public interface IFido2
 {
     AssertionOptions GetAssertionOptions(
-        IEnumerable<PublicKeyCredentialDescriptor> allowedCredentials,
+        IReadOnlyList<PublicKeyCredentialDescriptor> allowedCredentials,
         UserVerificationRequirement? userVerification,
         AuthenticationExtensionsClientInputs? extensions = null);
 
@@ -30,12 +30,12 @@ Task<MakeNewCredentialResult> MakeNewCredentialAsync(
 
     CredentialCreateOptions RequestNewCredential(
         Fido2User user,
-        List<PublicKeyCredentialDescriptor> excludeCredentials,
+        IReadOnlyList<PublicKeyCredentialDescriptor> excludeCredentials,
         AuthenticationExtensionsClientInputs? extensions = null);
 
     CredentialCreateOptions RequestNewCredential(
         Fido2User user,
-        List<PublicKeyCredentialDescriptor> excludeCredentials,
+        IReadOnlyList<PublicKeyCredentialDescriptor> excludeCredentials,
         AuthenticatorSelection authenticatorSelection,
         AttestationConveyancePreference attestationPreference,
         AuthenticationExtensionsClientInputs? extensions = null);