(Max) number of bytes in an auto-generated challenge is not documented

[lgarron]

I can't find documentation of the number of bytes (or at least a maximum) at:

• https://duo.com/blog/going-passwordless-with-py-webauthn

• py_webauthn/webauthn/registration/generate_registration_options.py

  Line 67 in 494373e

  (optional) `challenge`: A byte sequence for the authenticator to return back in its response. If no value is specified then a sequence of random bytes will be generated.

Since this is a binary value that must be stored on the server, it would be really useful to know what size to allocate in a DB column.

(I know I can work around this by specifying the challenge, but it would be useful to know how to handle the defaults.)

[MasterKale]

Thanks for raising this @lgarron, if only I had time lately to produce a proper docs site 🥲

Until then I can add a note or something to the README about this specifically.

[MasterKale]

I've merged #198 that communicates more clearly how big challenges will be when it's left up to the library to generate them (it's 64 bytes.)

I'll follow up when this is available in a new release on PyPI.

[MasterKale]

Alright, this change is out in the latest webauthn==2.0.0 on PyPI:

https://github.com/duo-labs/py_webauthn/releases/tag/v2.0.0