Spring Security Make WebAuthnAuthentication Serializable

WebAuthnAuthentication implements Serializable, but cannot be serialized due to PublicKeyCredentialUserEntity, one of its members, not being serializable.

Comment From: justincranford

I reported a similar issue, but more broadly it affects registration too. https://github.com/spring-projects/spring-security/issues/16328

WebAuthn + Redis doesn't work out-of-the-box... 1. WebAuthn classes lack Serializable interface, and Redis defaults to JdkSerializationRedisSerializer. 2. WebAuthn has mixins for GenericJackson2JsonRedisSerializer, but I had to add 12 extras because bundled mixins are partially incomplete or missing.

Workarounds to create an ObjectMapper for GenericJackson2JsonRedisSerializer which can serialize the WebAuthn registration and authentication request objects. https://github.com/spring-projects/spring-security/issues/16328#issuecomment-2563052605

Workarounds to configure Redis with GenericJackson2JsonRedisSerializer. https://github.com/spring-projects/spring-security/issues/16328#issuecomment-2563055747