pax_global_header00006660000000000000000000000064151230151130014502gustar00rootroot0000000000000052 comment=7a1a8bd433167ab6ab404091849b3c6e12085e7f golang-github-go-webauthn-webauthn-0.15.0/000077500000000000000000000000001512301511300203455ustar00rootroot00000000000000golang-github-go-webauthn-webauthn-0.15.0/.codecov.yml000066400000000000000000000005511512301511300225710ustar00rootroot00000000000000--- codecov: require_ci_to_pass: true comment: layout: "reach, diff, flags, files" behavior: default require_changes: false coverage: precision: 2 round: down range: "50...90" ignore: - "**/coverage.txt" - "testing" parsers: gcov: branch_detection: conditional: true loop: true method: false macro: false ... golang-github-go-webauthn-webauthn-0.15.0/.commitlintrc.yml000066400000000000000000000007661512301511300236630ustar00rootroot00000000000000extends: - '@commitlint/config-conventional' rules: body-max-line-length: [2, always, Infinity] body-min-length: [2, always, 20] header-case: [2, always, lower-case] header-max-length: [2, always, 72] type-enum: [2, always ["build", "ci", "docs", "feat", "fix", "perf", "refactor", "revert", "test"]] scope-enum: [2, always, ["metadata", "protocol", "webauthn"]] defaultIgnores: true helpUrl: 'https://github.com/go-webauthn/webauthn/blob/master/CONTRIBUTING.md#commit-message-convention'golang-github-go-webauthn-webauthn-0.15.0/.github/000077500000000000000000000000001512301511300217055ustar00rootroot00000000000000golang-github-go-webauthn-webauthn-0.15.0/.github/CODEOWNERS000066400000000000000000000001411512301511300232740ustar00rootroot00000000000000# The maintainers team is a code owner for the whole repository. * @go-webauthn/maintainersgolang-github-go-webauthn-webauthn-0.15.0/.github/FUNDING.yml000066400000000000000000000016701512301511300235260ustar00rootroot00000000000000# These are supported funding model platforms github: [go-webauthn, james-d-elliott] # Replace with up to 4 GitHub Sponsors-enabled usernames e.g., [user1, user2] patreon: # Replace with a single Patreon username open_collective: # Replace with a single Open Collective username ko_fi: # Replace with a single Ko-fi username tidelift: # Replace with a single Tidelift platform-name/package-name e.g., npm/babel community_bridge: # Replace with a single Community Bridge project-name e.g., cloud-foundry liberapay: # Replace with a single Liberapay username issuehunt: # Replace with a single IssueHunt username lfx_crowdfunding: # Replace with a single LFX Crowdfunding project-name e.g., cloud-foundry polar: # Replace with a single Polar username buy_me_a_coffee: # Replace with a single Buy Me a Coffee username thanks_dev: # Replace with a single thanks.dev username custom: # Replace with up to 4 custom sponsorship URLs e.g., ['link1', 'link2'] golang-github-go-webauthn-webauthn-0.15.0/.github/ISSUE_TEMPLATE/000077500000000000000000000000001512301511300240705ustar00rootroot00000000000000golang-github-go-webauthn-webauthn-0.15.0/.github/ISSUE_TEMPLATE/bug-report.yml000066400000000000000000000034631512301511300267070ustar00rootroot00000000000000--- name: Bug Report description: Report a potential bug labels: - type/potential-bug - status/needs-triage - priority/normal body: - type: markdown attributes: value: | Thanks for taking the time to fill out this bug report. Please try to give as much information as possible for us to be able to reproduce the issue and provide a quick fix. - type: dropdown id: version attributes: label: Version description: What version of the library are you using or which versions do you see the issue in? multiple: true options: - '0.15.0' - '0.14.0' - '0.13.4' - '0.13.3' - '0.13.2' - '0.13.1' - '0.13.0' - '0.12.3' - '0.12.2' - '0.12.1' - '0.12.0' validations: required: true - type: dropdown id: go-version attributes: label: Go Version description: What version of go are you using? multiple: true options: - '1.25' - '1.24' - '1.23' - 'Other' validations: required: true - type: textarea id: description attributes: label: Description description: Describe the bug validations: required: true - type: textarea id: reproduction attributes: label: Reproduction description: Describe how we can reproduce this issue validations: required: true - type: textarea id: expectations attributes: label: Expectations description: Describe the desired or expected results validations: required: false - type: textarea id: documentation attributes: label: Documentation description: Provide any relevant specification or other documentation if applicable validations: required: false ... golang-github-go-webauthn-webauthn-0.15.0/.github/ISSUE_TEMPLATE/config.yml000066400000000000000000000004401512301511300260560ustar00rootroot00000000000000--- blank_issues_enabled: false contact_links: - name: Documentation url: https://github.com/go-webauthn/webauthn about: Read the documentation - name: Question/Other url: https://github.com/go-webauthn/webauthn/discussions/new about: Discuss other questions etc. ... golang-github-go-webauthn-webauthn-0.15.0/.github/ISSUE_TEMPLATE/docs.yml000066400000000000000000000011011512301511300255340ustar00rootroot00000000000000--- name: Documentation Feedback description: Report issues or suggestions surrounding documentation labels: - type/documentation - status/needs-triage - priority/normal body: - type: textarea id: description attributes: label: Description description: Describe the issue or suggestion validations: required: true - type: textarea id: additional-information attributes: label: Additional Information description: Any additional information that may be useful like links etc validations: required: false ... golang-github-go-webauthn-webauthn-0.15.0/.github/ISSUE_TEMPLATE/feature-request.yml000066400000000000000000000012701512301511300277340ustar00rootroot00000000000000--- name: Feature Request description: Request a feature labels: - type/feature-request - status/needs-triage - priority/normal body: - type: textarea id: description attributes: label: Description description: Provide a description of the feature validations: required: true - type: textarea id: use-case attributes: label: Use Case description: Provide a use case if applicable validations: required: false - type: textarea id: documentation attributes: label: Documentation description: Provide any relevant specification or other documentation if applicable validations: required: false ...golang-github-go-webauthn-webauthn-0.15.0/.github/dependabot.yml000066400000000000000000000001631512301511300245350ustar00rootroot00000000000000version: 2 updates: - package-ecosystem: 'github-actions' directory: / schedule: interval: 'daily' golang-github-go-webauthn-webauthn-0.15.0/.github/workflows/000077500000000000000000000000001512301511300237425ustar00rootroot00000000000000golang-github-go-webauthn-webauthn-0.15.0/.github/workflows/codeql.yml000066400000000000000000000022701512301511300257350ustar00rootroot00000000000000name: 'CodeQL' on: push: branches: - 'master' pull_request: branches: - 'master' schedule: - cron: '0 0 * * 1' permissions: contents: 'read' jobs: analyze: name: 'Analyze' runs-on: 'ubuntu-latest' permissions: actions: 'read' contents: 'read' security-events: 'write' strategy: fail-fast: false matrix: language: - 'go' steps: - name: 'Harden Runner' uses: step-security/harden-runner@95d9a5deda9de15063e7595e9719c11c38c90ae2 # v2.13.2 with: egress-policy: 'audit' - name: 'Checkout' uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0 - name: 'Initialize CodeQL' uses: github/codeql-action/init@0499de31b99561a6d14a36a5f662c2a54f91beee # v3.29.5 with: languages: ${{ matrix.language }} - name: 'Build' uses: github/codeql-action/autobuild@0499de31b99561a6d14a36a5f662c2a54f91beee # v3.29.5 - name: 'Perform CodeQL Analysis' uses: github/codeql-action/analyze@0499de31b99561a6d14a36a5f662c2a54f91beee # v3.29.5 with: category: '/language:${{ matrix.language }}' golang-github-go-webauthn-webauthn-0.15.0/.github/workflows/dependabot.yml000066400000000000000000000016241512301511300265750ustar00rootroot00000000000000name: 'Dependabot' on: pull_request: {} permissions: contents: 'read' jobs: automerge: name: 'Auto-Merge' runs-on: 'ubuntu-latest' if: github.event.pull_request.user.login == 'dependabot[bot]' && github.repository == 'go-webauthn/webauthn' permissions: contents: 'write' steps: - name: 'Harden Runner' uses: step-security/harden-runner@95d9a5deda9de15063e7595e9719c11c38c90ae2 # v2.13.2 with: egress-policy: 'audit' - name: 'Dependabot Fetch Metadata' id: 'metadata' uses: dependabot/fetch-metadata@08eff52bf64351f401fb50d4972fa95b9f2c2d1b with: github-token: '${{ secrets.GITHUB_TOKEN }}' - name: 'Enable Auto-Merge' run: | gh pr merge --auto --squash "$PR_URL" env: PR_URL: '${{ github.event.pull_request.html_url }}' GH_TOKEN: '${{ secrets.GITHUB_TOKEN }}' golang-github-go-webauthn-webauthn-0.15.0/.github/workflows/dependency-review.yml000066400000000000000000000011241512301511300301000ustar00rootroot00000000000000name: 'Dependency Review' on: pull_request: {} permissions: contents: 'read' jobs: dependency-review: name: 'Dependency Review' runs-on: 'ubuntu-latest' steps: - name: 'Harden Runner' uses: step-security/harden-runner@95d9a5deda9de15063e7595e9719c11c38c90ae2 # v2.13.2 with: egress-policy: 'audit' - name: 'Checkout Repository' uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0 - name: 'Dependency Review' uses: actions/dependency-review-action@40c09b7dc99638e5ddb0bfd91c1673effc064d8a # v4.8.1 golang-github-go-webauthn-webauthn-0.15.0/.github/workflows/go.yml000066400000000000000000000033571512301511300251020ustar00rootroot00000000000000name: 'Go' on: pull_request: {} push: branches: - 'master' permissions: contents: 'read' jobs: cover: name: 'Coverage' runs-on: 'ubuntu-latest' steps: - name: 'Harden Runner' uses: step-security/harden-runner@95d9a5deda9de15063e7595e9719c11c38c90ae2 # v2.13.2 with: egress-policy: 'audit' - name: 'Set up Go' uses: actions/setup-go@44694675825211faa026b3c33043df3e48a5fa00 # v6.0.0 with: go-version: 1.25 - name: 'Checkout' uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0 - name: 'Get Dependencies' run: | go get -v -t -d ./... - name: 'Test' run: | go test -coverprofile=coverage.txt -v ./... - name: 'Coverage' uses: codecov/codecov-action@5a1091511ad55cbe89839c7260b706298ca349f7 # v5.5.1 with: token: ${{ secrets.CODECOV_TOKEN }} build: name: 'Build' runs-on: 'ubuntu-latest' strategy: matrix: go: - '1.24' - '1.25' fail-fast: false steps: - name: 'Harden Runner' uses: step-security/harden-runner@95d9a5deda9de15063e7595e9719c11c38c90ae2 # v2.13.2 with: egress-policy: 'audit' - name: 'Set up Go ${{ matrix.go }}' uses: actions/setup-go@44694675825211faa026b3c33043df3e48a5fa00 # v6.0.0 with: go-version: ${{ matrix.go }} - name: 'Checkout' uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0 - name: 'Get Dependencies' run: | go get -v -t -d ./... - name: 'Build' run: | go build -v ./... - name: 'Test' run: | go test -v ./...golang-github-go-webauthn-webauthn-0.15.0/.github/workflows/scorecards.yml000066400000000000000000000024461512301511300266230ustar00rootroot00000000000000name: 'Scorecards' on: branch_protection_rule: {} schedule: - cron: '20 7 * * 2' push: branches: - 'master' permissions: 'read-all' jobs: analysis: name: 'OpenSSF' runs-on: 'ubuntu-latest' permissions: security-events: 'write' id-token: 'write' contents: 'read' actions: 'read' steps: - name: 'Harden Runner' uses: step-security/harden-runner@95d9a5deda9de15063e7595e9719c11c38c90ae2 # v2.13.2 with: egress-policy: 'audit' - name: 'Checkout' uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0 with: persist-credentials: false - name: 'Analyze' uses: ossf/scorecard-action@4eaacf0543bb3f2c246792bd56e8cdeffafb205a # v2.4.3 with: results_file: 'results.sarif' results_format: 'sarif' publish_results: true - name: 'Upload' uses: actions/upload-artifact@330a01c490aca151604b8cf639adc76d48f6c5d4 # v5.0.0 with: name: 'SARIF file' path: 'results.sarif' retention-days: 5 - name: 'Upload to Code Scanning Dashboard' uses: github/codeql-action/upload-sarif@0499de31b99561a6d14a36a5f662c2a54f91beee # v3.29.5 with: sarif_file: 'results.sarif' golang-github-go-webauthn-webauthn-0.15.0/.gitignore000066400000000000000000000071211512301511300223360ustar00rootroot00000000000000# Created by https://www.toptal.com/developers/gitignore/api/go,osx,linux,goland,windows,visualstudiocode # Edit at https://www.toptal.com/developers/gitignore?templates=go,osx,linux,goland,windows,visualstudiocode ### Go ### # Binaries for programs and plugins *.exe *.exe~ *.dll *.so *.dylib # Test binary, built with `go test -c` *.test # Output of the go coverage tool, specifically when used with LiteIDE *.out # Dependency directories (remove the comment below to include it) # vendor/ ### Go Patch ### /vendor/ /Godeps/ ### Goland ### # Covers JetBrains IDEs: IntelliJ, RubyMine, PhpStorm, AppCode, PyCharm, CLion, Android Studio, WebStorm, Rider and Goland # Reference: https://intellij-support.jetbrains.com/hc/en-us/articles/206544839 # User-specific stuff .idea/**/workspace.xml .idea/**/tasks.xml .idea/**/usage.statistics.xml .idea/**/dictionaries .idea/**/shelf # AWS User-specific .idea/**/aws.xml # Generated files .idea/**/contentModel.xml # Sensitive or high-churn files .idea/**/dataSources/ .idea/**/dataSources.ids .idea/**/dataSources.local.xml .idea/**/sqlDataSources.xml .idea/**/dynamic.xml .idea/**/uiDesigner.xml .idea/**/dbnavigator.xml # Gradle .idea/**/gradle.xml .idea/**/libraries # Gradle and Maven with auto-import # When using Gradle or Maven with auto-import, you should exclude module files, # since they will be recreated, and may cause churn. Uncomment if using # auto-import. # .idea/artifacts # .idea/compiler.xml # .idea/jarRepositories.xml # .idea/modules.xml # .idea/*.iml # .idea/modules # *.iml # *.ipr # CMake cmake-build-*/ # Mongo Explorer plugin .idea/**/mongoSettings.xml # File-based project format *.iws # IntelliJ out/ # mpeltonen/sbt-idea plugin .idea_modules/ # JIRA plugin atlassian-ide-plugin.xml # Cursive Clojure plugin .idea/replstate.xml # Crashlytics plugin (for Android Studio and IntelliJ) com_crashlytics_export_strings.xml crashlytics.properties crashlytics-build.properties fabric.properties # Editor-based Rest Client .idea/httpRequests # Ignores the whole .idea folder and all .iml files .idea/ # Android studio 3.1+ serialized cache file .idea/caches/build_file_checksums.ser ### Linux ### *~ # temporary files which can be created if a process still has a handle open of a deleted file .fuse_hidden* # KDE directory preferences .directory # Linux trash folder which might appear on any partition or disk .Trash-* # .nfs files are created when an open file is removed but is still being accessed .nfs* ### OSX ### # General .DS_Store .AppleDouble .LSOverride # Icon must end with two \r Icon # Thumbnails ._* # Files that might appear in the root of a volume .DocumentRevisions-V100 .fseventsd .Spotlight-V100 .TemporaryItems .Trashes .VolumeIcon.icns .com.apple.timemachine.donotpresent # Directories potentially created on remote AFP share .AppleDB .AppleDesktop Network Trash Folder Temporary Items .apdisk ### VisualStudioCode ### .vscode/* !.vscode/settings.json !.vscode/tasks.json !.vscode/launch.json !.vscode/extensions.json *.code-workspace # Local History for Visual Studio Code .history/ ### VisualStudioCode Patch ### # Ignore all local history of files .history .ionide # Support for Project snippet scope !.vscode/*.code-snippets ### Windows ### # Windows thumbnail cache files Thumbs.db Thumbs.db:encryptable ehthumbs.db ehthumbs_vista.db # Dump file *.stackdump # Folder config file [Dd]esktop.ini # Recycle Bin used on file shares $RECYCLE.BIN/ # Windows Installer files *.cab *.msi *.msix *.msm *.msp # Windows shortcuts *.lnk # End of https://www.toptal.com/developers/gitignore/api/go,osx,linux,goland,windows,visualstudiocode golang-github-go-webauthn-webauthn-0.15.0/.golangci.yml000066400000000000000000000040401512301511300227270ustar00rootroot00000000000000--- version: "2" linters: enable: - asciicheck - forbidigo - goconst - gocritic - gocyclo - godot - gosec - misspell - nolintlint - prealloc - revive - unconvert - unparam - whitespace - wsl_v5 settings: forbidigo: forbid: - pattern: ^print.*$ msg: Do not commit print statements. - pattern: ^fmt\.Print.*$ pkg: ^fmt$ msg: Do not commit print statements. analyze-types: true goconst: min-len: 2 min-occurrences: 2 gocyclo: min-complexity: 15 godot: scope: all revive: confidence: 0.8 exclusions: generated: lax rules: - path: (.+)\.go$ text: Error return value of .((os\.)?std(out|err)\..*|.*Close|.*Flush|os\.Remove(All)?|.*printf?|os\.(Un)?Setenv). is not checked # yamllint disable-line rule:line-length - path: (.+)\.go$ text: func name will be used as test\.Test.* by other packages, and that stutters; consider calling this - path: (.+)\.go$ text: (possible misuse of unsafe.Pointer|should have signature) - path: (.+)\.go$ text: ineffective break statement. Did you mean to break out of the outer loop - path: (.+)\.go$ text: Use of unsafe calls should be audited - path: (.+)\.go$ text: Subprocess launch(ed with variable|ing should be audited) - path: (.+)\.go$ text: (G104|G307) - path: (.+)\.go$ text: (Expect directory permissions to be 0750 or less|Expect file permissions to be 0600 or less) - path: (.+)\.go$ text: Potential file inclusion via variable paths: - third_party$ - builtin$ - examples$ issues: max-issues-per-linter: 0 max-same-issues: 0 formatters: enable: - gofmt - goimports settings: goimports: local-prefixes: - github.com/go-webauthn/webauthn - github.com/go-webauthn/x exclusions: generated: lax paths: - third_party$ - builtin$ - examples$ ... golang-github-go-webauthn-webauthn-0.15.0/.pre-commit-config.yaml000066400000000000000000000005011512301511300246220ustar00rootroot00000000000000repos: - repo: https://github.com/gitleaks/gitleaks rev: v8.16.3 hooks: - id: gitleaks - repo: https://github.com/golangci/golangci-lint rev: v1.52.2 hooks: - id: golangci-lint - repo: https://github.com/pre-commit/pre-commit-hooks rev: v4.4.0 hooks: - id: end-of-file-fixer - id: trailing-whitespace golang-github-go-webauthn-webauthn-0.15.0/.renovaterc000066400000000000000000000011261512301511300225160ustar00rootroot00000000000000{ "$schema": "https://docs.renovatebot.com/renovate-schema.json", "constraints": { "go": "1.25" }, "extends": [ "config:recommended", ":semanticCommitTypeAll(build)", ":separatePatchReleases" ], "ignorePresets": [ ":combinePatchMinorReleases", ":prHourlyLimit2", ":semanticPrefixFixDepsChoreOthers" ], "enabledManagers": [ "gomod" ], "labels": [ "dependencies" ], "packageRules": [ { "matchDatasources": [ "go" ], "addLabels": [ "go" ] } ], "postUpdateOptions": [ "gomodTidy" ] } golang-github-go-webauthn-webauthn-0.15.0/BREAKING.md000066400000000000000000000030551512301511300220540ustar00rootroot00000000000000# Breaking Changes This document contains notable breaking changes for particular versions that are likely to require manual intervention. ## v0.11.0 In v0.11.0 we started validating the backup related flags to ensure that they were in a valid state as per the requirements in the spec. This introduced issues for some users as they had not been storing them and at least at one point the flag values were challenging to obtain. This has lead to an effective breaking change and a state where some credentials cannot be validated. The resolution to this particular issue is to adapt current storage methods so that the values of the flags or each individual flag default to a null-like value and manually perform an update to the storage and struct when a credential with null-like values is observed. The values can be obtained before validating the parsed response similar to the example below: ```go package example import ( "net/http" "github.com/go-webauthn/webauthn/protocol" "github.com/go-webauthn/webauthn/webauthn" ) func FinishLogin(w http.ResponseWriter, r *http.Request) { // Abstract Business Logic: Get the WebAuthn User. user := datastore.GetUser() // Abstract Business Logic: Get the WebAuthn Session Data. session := datastore.GetSession() parsedResponse, err := protocol.ParseCredentialRequestResponse(r) if err != nil { // Handle Error and return. return } // Handle updating the appropriate credential using the flags value. flags := webauthn.NewCredentialFlags(parsedResponse.Response.AuthenticatorData.Flags) } ```golang-github-go-webauthn-webauthn-0.15.0/CITATION.cff000066400000000000000000000016121512301511300222370ustar00rootroot00000000000000--- cff-version: 1.2.0 type: software title: Go WebAuthn license: BSD-3-Clause commit: 80f6c83285fd577867f1ba20ce772412164f3be1 version: 0.15.0 date-released: '2025-11-09' repository-code: 'https://github.com/go-webauthn/webauthn/' abstract: >- The Go WebAuthn library is a FIDO2 Conformant WebAuthn and Passkey backend library for golang that simplifies the WebAuthn Relying Party implementation for go developers. It implements all of the attestation elements and conforms with modern conformance requirements from the FIDO Alliance, as well as implements the WebAuthn Level 3. message: >- If you use this software, please cite it using the metadata from this file. authors: - orcid: 'https://orcid.org/0009-0000-4673-5510' given-names: James family-names: Elliott email: james.elliott@authelia.com keywords: - webauthn - passkeys - cryptography - crypto - golang golang-github-go-webauthn-webauthn-0.15.0/CODE_OF_CONDUCT.md000066400000000000000000000121171512301511300231460ustar00rootroot00000000000000# Contributor Covenant Code of Conduct ## Our Pledge We as members, contributors, and leaders pledge to make participation in our community a harassment-free experience for everyone, regardless of age, body size, visible or invisible disability, ethnicity, sex characteristics, gender identity and expression, level of experience, education, socio-economic status, nationality, personal appearance, race, religion, or sexual identity and orientation. We pledge to act and interact in ways that contribute to an open, welcoming, diverse, inclusive, and healthy community. ## Our Standards Examples of behavior that contributes to a positive environment for our community include: * Demonstrating empathy and kindness toward other people * Being respectful of differing opinions, viewpoints, and experiences * Giving and gracefully accepting constructive feedback * Accepting responsibility and apologizing to those affected by our mistakes, and learning from the experience * Focusing on what is best not just for us as individuals, but for the overall community Examples of unacceptable behavior include: * The use of sexualized language or imagery, and sexual attention or advances of any kind * Trolling, insulting or derogatory comments, and personal or political attacks * Public or private harassment * Publishing others' private information, such as a physical or email address, without their explicit permission * Other conduct which could reasonably be considered inappropriate in a professional setting ## Enforcement Responsibilities Community leaders are responsible for clarifying and enforcing our standards of acceptable behavior and will take appropriate and fair corrective action in response to any behavior that they deem inappropriate, threatening, offensive, or harmful. Community leaders have the right and responsibility to remove, edit, or reject comments, commits, code, wiki edits, issues, and other contributions that are not aligned to this Code of Conduct, and will communicate reasons for moderation decisions when appropriate. ## Scope This Code of Conduct applies within all community spaces, and also applies when an individual is officially representing the community in public spaces. Examples of representing our community include using an official e-mail address, posting via an official social media account, or acting as an appointed representative at an online or offline event. ## Enforcement Instances of abusive, harassing, or otherwise unacceptable behavior may be reported to the community leaders responsible for enforcement. All complaints will be reviewed and investigated promptly and fairly. All community leaders are obligated to respect the privacy and security of the reporter of any incident. ## Enforcement Guidelines Community leaders will follow these Community Impact Guidelines in determining the consequences for any action they deem in violation of this Code of Conduct: ### 1. Correction **Community Impact**: Use of inappropriate language or other behavior deemed unprofessional or unwelcome in the community. **Consequence**: A private, written warning from community leaders, providing clarity around the nature of the violation and an explanation of why the behavior was inappropriate. A public apology may be requested. ### 2. Warning **Community Impact**: A violation through a single incident or series of actions. **Consequence**: A warning with consequences for continued behavior. No interaction with the people involved, including unsolicited interaction with those enforcing the Code of Conduct, for a specified period of time. This includes avoiding interactions in community spaces as well as external channels like social media. Violating these terms may lead to a temporary or permanent ban. ### 3. Temporary Ban **Community Impact**: A serious violation of community standards, including sustained inappropriate behavior. **Consequence**: A temporary ban from any sort of interaction or public communication with the community for a specified period of time. No public or private interaction with the people involved, including unsolicited interaction with those enforcing the Code of Conduct, is allowed during this period. Violating these terms may lead to a permanent ban. ### 4. Permanent Ban **Community Impact**: Demonstrating a pattern of violation of community standards, including sustained inappropriate behavior, harassment of an individual, or aggression toward or disparagement of classes of individuals. **Consequence**: A permanent ban from any sort of public interaction within the community. ## Attribution This Code of Conduct is adapted from the [Contributor Covenant][homepage], version 2.0, available at https://www.contributor-covenant.org/version/2/0/code_of_conduct.html. Community Impact Guidelines were inspired by [Mozilla's code of conduct enforcement ladder](https://github.com/mozilla/diversity). [homepage]: https://www.contributor-covenant.org For answers to common questions about this code of conduct, see the FAQ at https://www.contributor-covenant.org/faq. Translations are available at https://www.contributor-covenant.org/translations. golang-github-go-webauthn-webauthn-0.15.0/CONTRIBUTING.md000066400000000000000000000124471512301511300226060ustar00rootroot00000000000000# Contributing Guidelines ## Pull Request Conventions It's encouraged to discuss proposed changes prior to opening a PR, especially when the change is large. Pull request subjects should have the same format as the [Commit Message Header](#commit-message-header). ### Documentation / Specifications You should include reference documentation specifically if there is a section in the W3C Webauthn specification that relates to your pull request and explain in the PR how it implements the spec or implements the spec more closely. ### Force Push Force pushing once a pull request has been opened is heavily frowned upon. All pull requests will be merged using `git merge --squash` to avoid cluttering the master branch history with changes made during the review process. As such the only purpose force pushing to a branch once a pull request is opened is making it harder for reviewers to review your code; especially if a review has already taken place or has been started. ## Commit Message Convention _This specification is inspired by and supersedes the [AngularJS commit message format][commit-message-format]. This is an adapted version of the [Angular commit guidelines]._ We have very precise rules over how our Git commit messages must be formatted. This format leads to **easier to read commit history**. Each commit message consists of a **header**, a **body**, and a **footer**. ```