fido-mds-tool list-fido2 fails with InvalidJwt error

[Be-ing]

I did this

$ cargo install fido-mds-tool
$ fido-mds-tool fetch
024-11-16T06:27:41.394418Z  INFO fido_mds_tool: Fetching from https://mds.fidoalliance.org/ to "/tmp/mds.blob.jwt"
2024-11-16T06:27:43.628861Z  INFO fido_mds_tool: Ok!
$ fido-mds-tool list-fido2 -p /tmp/mds.blob.jwt -d   
2024-11-16T06:27:50.919779Z DEBUG fido_mds::mds: X509VerifyResult { code: 0, error: "ok" }
2024-11-16T06:27:50.919850Z DEBUG fido_mds::mds: res=Ok(())
2024-11-16T06:27:50.944921Z ERROR fido_mds_tool: e=InvalidJwt

I also tried running fido-mds-tool from the kanidm/tools container: podman run -i -t docker.io/kanidm/tools:latest /bin/sh then repeat the above commands.

I expected the following

JSON output to pass to Kanidm client as described at https://kanidm.github.io/kanidm/stable/accounts/account_policy.html#setting-webauthn-attestation-ca-lists

What actually happened

fido-mds-tool always fails with an InvalidJwt error

Version (and git commit)

0.5.0

Operating System / Version

Fedora 41

[Firstyear]

Duplicate of #450

This is because FIDO updated the MDS syntax without updating the specification and have ceased answering our emails.

[Be-ing]

Yikes. That's concerning and disappointing :/