diff --git a/web/src/main/java/org/springframework/security/web/webauthn/api/Bytes.java b/web/src/main/java/org/springframework/security/web/webauthn/api/Bytes.java
index 6fbcc3596c6..9c5f6334c72 100644
--- a/web/src/main/java/org/springframework/security/web/webauthn/api/Bytes.java
+++ b/web/src/main/java/org/springframework/security/web/webauthn/api/Bytes.java
@@ -16,10 +16,12 @@
package org.springframework.security.web.webauthn.api;
+import java.io.Serializable;
import java.security.SecureRandom;
import java.util.Arrays;
import java.util.Base64;
+import org.springframework.security.core.SpringSecurityCoreVersion;
import org.springframework.util.Assert;
/**
@@ -28,7 +30,9 @@
* @author Rob Winch
* @since 6.4
*/
-public final class Bytes {
+public final class Bytes implements Serializable {
+
+ private static final long serialVersionUID = SpringSecurityCoreVersion.SERIAL_VERSION_UID;
private static final SecureRandom RANDOM = new SecureRandom();
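Review bot: Java deserialization rebuilds a `Bytes` instance without running its constructor, so any argument checks the constructor performs are skipped for an instance read back from a serialized stream such as an externally stored session. The constructor is outside this hunk, but `Assert` is imported, so it presumably validates its input. If the class relies on its backing array being non-null, a private `readObject(ObjectInputStream in)` that calls `in.defaultReadObject()` and then repeats the check would keep that invariant on the deserialized path. The class Javadoc could also state the contract, for example `Serializable so that it can be held in a serialized Authentication; the serialized form follows SpringSecurityCoreVersion.SERIAL_VERSION_UID and is not intended for long-term persistence across versions.` The class body continues outside the hunk, so confirm the field layout before adding the hook.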
diff --git a/web/src/main/java/org/springframework/security/web/webauthn/api/PublicKeyCredentialUserEntity.java b/web/src/main/java/org/springframework/security/web/webauthn/api/PublicKeyCredentialUserEntity.java
index fd95a24c715..b40e366c405 100644
--- a/web/src/main/java/org/springframework/security/web/webauthn/api/PublicKeyCredentialUserEntity.java
+++ b/web/src/main/java/org/springframework/security/web/webauthn/api/PublicKeyCredentialUserEntity.java
@@ -16,6 +16,8 @@
package org.springframework.security.web.webauthn.api;
+import java.io.Serializable;
+
/**
* PublicKeyCredentialUserEntity
@@ -27,7 +29,7 @@
* @since 6.4
* @see org.springframework.security.web.webauthn.management.WebAuthnRelyingPartyOperations#authenticate(org.springframework.security.web.webauthn.management.RelyingPartyAuthenticationRequest)
*/
-public interface PublicKeyCredentialUserEntity {
+public interface PublicKeyCredentialUserEntity extends Serializable {
/**
* The authorities = AuthorityUtils.createAuthorityList("ROLE_USER");
+ WebAuthnAuthentication authentication = new WebAuthnAuthentication(userEntity, authorities);
+ byte[] serialize = SerializationUtils.serialize(authentication);
+ WebAuthnAuthentication deserializeAuthentication = (WebAuthnAuthentication) SerializationUtils.deserialize(serialize);
+ assertThat(deserializeAuthentication.getPrincipal().getName()).isEqualTo(authentication.getPrincipal().getName());
+ assertThat(deserializeAuthentication.getPrincipal().getDisplayName()).isEqualTo(authentication.getPrincipal().getDisplayName());
+ assertThat(deserializeAuthentication.getPrincipal().getId()).isEqualTo(authentication.getPrincipal().getId());
+ }
+
}