From 92048529d22bf1151cca9241a26820f2bf806450 Mon Sep 17 00:00:00 2001
From: ltanguy <loeiz.tanguy@gmail.com>
Date: Tue, 10 Jun 2025 14:56:13 +0200
Subject: [PATCH] Fix credential parameters conversion to WebAuthn4j

Replace comparison with != operator by an .equals() comparison based on text value.
The 2 objects have the same value in most setups, but not when used in conjunction with Spring Session for example, as the object in session is built for each request

Signed-off-by: ltanguy <loeiz.tanguy@gmail.com>
---
 .../webauthn/management/Webauthn4JRelyingPartyOperations.java   | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/web/src/main/java/org/springframework/security/web/webauthn/management/Webauthn4JRelyingPartyOperations.java b/web/src/main/java/org/springframework/security/web/webauthn/management/Webauthn4JRelyingPartyOperations.java
index 59d07292880..87ec4d82068 100644
--- a/web/src/main/java/org/springframework/security/web/webauthn/management/Webauthn4JRelyingPartyOperations.java
+++ b/web/src/main/java/org/springframework/security/web/webauthn/management/Webauthn4JRelyingPartyOperations.java
@@ -304,7 +304,7 @@ private List<com.webauthn4j.data.PublicKeyCredentialParameters> convertCredentia
 
 	private com.webauthn4j.data.PublicKeyCredentialParameters convertParamToWebauthn4j(
 			PublicKeyCredentialParameters parameter) {
-		if (parameter.getType() != PublicKeyCredentialType.PUBLIC_KEY) {
+		if (!PublicKeyCredentialType.PUBLIC_KEY.getValue().equals(parameter.getType().getValue())) {
 			throw new IllegalArgumentException(
 					"Cannot convert unknown credential type " + parameter.getType() + " to webauthn4j");
 		}