CBOR_UNEXPECTED_TYPE when using allowCredentials in Fido2Client.get_assertion

[mpdn]

Hi. I seem to be hitting an issue where setting allowCredentials causes a CBOR_UNEXPECTED_TYPE to be returned. I am using Yubikey 5C USB.

I am not totally sure whether I am structuring the parameters to the call correctly, but it seems to be translated into an underlying PublicKeyCredentialDescriptor correctly, so it seems odd that this is somehow translated into invalid CBOR.

I can replicate the issue with the following snippet:

import fido2.features
from fido2.hid import CtapHidDevice
from fido2.client import Fido2Client
from fido2.utils import websafe_encode

fido2.features.webauthn_json_mapping.enabled = True

device = next(CtapHidDevice.list_devices())
client = Fido2Client(device, 'https://example.com')
client.get_assertion({
    'challenge': websafe_encode(b'foo'),
    'rpId': 'example.com',
    'allowCredentials': [{
        'type': 'public-key',
        'id': websafe_encode(b'bar')
    }],
})

[sardok]

Try disabling fido2.features.webauthn_json_mapping.enabled = True line. webauthn_json_mapping changes the encoding method for bytes. bytes serialized into str when this feature is enabled where the device expects bytes.