Re: [w3c/push-api] Allow passing a base64url-encoded value to `applicationServerKey` (#227) from Martin Thomson on 2016-11-27 (public-webapps-github@w3.org from November 2016)

From: Martin Thomson <notifications@github.com>
Date: Sat, 26 Nov 2016 22:03:45 -0800
To: w3c/push-api <push-api@noreply.github.com>
Message-ID: <w3c/push-api/pull/227/review/10225358@github.com>

martinthomson commented on this pull request.



> @@ -601,10 +603,22 @@
         provided, or a <code><a>PushSubscriptionOptions</a></code> dictionary with default values.
         </li>
         <li>If <var>allOptions</var> includes a non-null value for the
-        <code><a>applicationServerKey</a></code> attribute, check that the value is valid (i.e.,
-        ensure that it describes a valid point on the P-256 curve). If the
-        <code><a>applicationServerKey</a></code> value is invalid, reject <var>promise</var> with
-        an <code><a>InvalidAccessError</a></code> and terminate these steps.
+        <code><a>applicationServerKey</a></code> attribute, run the following substeps:
+          <ol>
+            <li>Let <var>applicationServerKey</var> be the sequence of octets in
+            <code><a>applicationServerKey</a></code> when provided as a <code><a>BufferSource</a></code>,
+            or the sequence of octets that results from decoding
+            <code><a>applicationServerKey</a></code> using the URL-safe base64 encoding [[!RFC4648]]
+            when provided as a <code><a>DOMString</a></code>. If decoding fails, reject
+            <var>promise</var> with a <code><a>DOMException</a></code> whose name is
+            "<code><a>InvalidCharacterError</a></code>" and terminate these steps.

What do we do about padding (the trailing '===')?

> @@ -601,10 +603,22 @@
         provided, or a <code><a>PushSubscriptionOptions</a></code> dictionary with default values.
         </li>
         <li>If <var>allOptions</var> includes a non-null value for the
-        <code><a>applicationServerKey</a></code> attribute, check that the value is valid (i.e.,
-        ensure that it describes a valid point on the P-256 curve). If the
-        <code><a>applicationServerKey</a></code> value is invalid, reject <var>promise</var> with
-        an <code><a>InvalidAccessError</a></code> and terminate these steps.
+        <code><a>applicationServerKey</a></code> attribute, run the following substeps:
+          <ol>
+            <li>Let <var>applicationServerKey</var> be the sequence of octets in
+            <code><a>applicationServerKey</a></code> when provided as a <code><a>BufferSource</a></code>,
+            or the sequence of octets that results from decoding
+            <code><a>applicationServerKey</a></code> using the URL-safe base64 encoding [[!RFC4648]]

You can use RFC 7515 and base64url, which is a more precise encoding (and one that addresses my next comment).

-- 
You are receiving this because you are subscribed to this thread.
Reply to this email directly or view it on GitHub:
https://github.com/w3c/push-api/pull/227#pullrequestreview-10225358

Received on Sunday, 27 November 2016 06:04:45 UTC