Closes #638. Make sure residentKey services roundtrip

Author: abergs

Src/Fido2.Models/CredentialCreateOptions.cs

@@ -126,8 +126,8 @@ public static CredentialCreateOptions Create(
         AttestationConveyancePreference attestationConveyancePreference,
         IReadOnlyList<PublicKeyCredentialDescriptor> excludeCredentials,
         AuthenticationExtensionsClientInputs? extensions,
-        IReadOnlyList<PubKeyCredParam> pubKeyCredParams)
-
+        IReadOnlyList<PubKeyCredParam> pubKeyCredParams)
+
     {
         return new CredentialCreateOptions
         {
@@ -184,8 +184,8 @@ public sealed class PubKeyCredParam(
     public static readonly PubKeyCredParam PS384 = new(COSE.Algorithm.PS384);
     public static readonly PubKeyCredParam PS512 = new(COSE.Algorithm.PS512);
     public static readonly PubKeyCredParam Ed25519 = new(COSE.Algorithm.EdDSA);
-    public static readonly PubKeyCredParam RS1 = new(COSE.Algorithm.RS1);
-
+    public static readonly PubKeyCredParam RS1 = new(COSE.Algorithm.RS1);
+
     /// <summary>
     /// The default algorithms supported by the library
     /// </summary>
@@ -283,7 +283,14 @@ public bool RequireResidentKey
         set
         {
             _requireResidentKey = value;
-            _residentKey = value ? ResidentKeyRequirement.Required : ResidentKeyRequirement.Discouraged;
+            if (value)
+            {
+                _residentKey = ResidentKeyRequirement.Required;
+            }
+            else if (_residentKey is not ResidentKeyRequirement.Preferred)
+            {
+                _residentKey = ResidentKeyRequirement.Discouraged;
+            }
         }
     }
 

Tests/Fido2.Tests/Fido2Tests.cs

@@ -417,6 +417,50 @@ public void TestStringIsSerializable()
         Assert.Equal(z1, z2);
     }
 
+    [Fact]
+    public void AuthenticatorSelection_ResidentKeyPreferred_SurvivesJsonRoundTrip()
+    {
+        // Arrange: Create AuthenticatorSelection with ResidentKey = Preferred
+        var original = new AuthenticatorSelection
+        {
+            ResidentKey = ResidentKeyRequirement.Preferred,
+            UserVerification = UserVerificationRequirement.Preferred
+        };
+
+        // Act: Serialize to JSON and deserialize back
+        var json = JsonSerializer.Serialize(original);
+        var deserialized = JsonSerializer.Deserialize<AuthenticatorSelection>(json);
+
+        // Assert: ResidentKey should still be Preferred after round-trip
+        Assert.Equal(ResidentKeyRequirement.Preferred, deserialized.ResidentKey);
+    }
+
+    [Fact]
+    public void CredentialCreateOptions_ResidentKeyPreferred_SurvivesJsonRoundTrip()
+    {
+        // Arrange: This JSON has residentKey: "preferred" which should be preserved
+        const string json = """
+            {
+                "rp": { "id": "some.rp.id", "name": "Some name" },
+                "user": { "name": "someuserid", "id": "NjVmZGNiOTJiZjQyZjZmZDE0YzViODVk", "displayName": "The User 1234" },
+                "challenge": "kauVQPwQtf4BlhOFObDfTQ",
+                "pubKeyCredParams": [ { "type": "public-key", "alg": -7 }, { "type": "public-key", "alg": -257 } ],
+                "timeout": 60000,
+                "attestation": "none",
+                "attestationFormats": [],
+                "authenticatorSelection": { "residentKey": "preferred", "requireResidentKey": false, "userVerification": "preferred" },
+                "hints": [],
+                "excludeCredentials": []
+            }
+            """;
+
+        // Act: Deserialize the JSON
+        var options = CredentialCreateOptions.FromJson(json);
+
+        // Assert: ResidentKey should be Preferred, not Discouraged
+        Assert.Equal(ResidentKeyRequirement.Preferred, options.AuthenticatorSelection.ResidentKey);
+    }
+
     [Fact]
     public async Task TestFido2AssertionAsync()
     {