Re: [webauthn] Add "willMakeCredentialWorkWithTheseConstraints()" method to the API from Mike West via GitHub on 2017-04-11 (public-webauthn@w3.org from April 2017)

From: Mike West via GitHub <sysbot+gh@w3.org>
Date: Tue, 11 Apr 2017 14:29:14 +0000
To: public-webauthn@w3.org
Message-ID: <issue_comment.created-293281296-1491920952-sysbot+gh@w3.org>

At the risk of adding noise to the conversation, I'd like to poke a bit at the suggestion that it would be too clunky or confusing to treat this flow as a special-case of `makeCredential`.

It sounds like the proposal at the moment is something like the following, given `userAccountInformation`, `cryptoParams`, `challenge`, and `options`:

```javascript
navigator.authentication
    .promoteAuthenticatorIfAvailable(cryptoParams, options)
    .then(_ => {
      navigator.authentication
        .makeCredential(userAccountInformation, cryptoParams, challenge, options)
        .then(a => {
          // Hooray! We have a thing!
        });
    });
```

That's not a million miles away from:

```javascript
options.checkWithTheUserWhetherThisIsAtAllPossibleFirst = true;
navigator.authentication
  .makeCredential(userAccountInformation, cryptoParams, challenge, options)
  .then(a => {
    // Hooray, we have a thing!
  });
```

In fact, it seems like that's a more direct way of asking for the thing you'd like. If the user clicks through the UI that the user agent provides, you'll end up with a credential. If not, the promise never resolves/rejects/whatever you have in mind.

This falls down a bit if you decide that you want to do something else with the information that a user _could_ create the kind of credential that you're interested in. Navigation would be more difficult, for instance. Is creating a popup or new tab something you expect RPs to want to do?

---

In a credential management world, the latter might be written as:

```javascript
ScopedCredential.create({
  ...,
  checkWithTheUserWhetherThisIsAtAllPossibleFirst: true
})
  .then(c => {
    // Hooray, we have a thing!
  });
```

with the possibility of moving the whole thing to `navigator.credentials.create(...)` depending on the feedback to https://github.com/w3c/webappsec-credential-management/pull/72.

-- 
GitHub Notification of comment by mikewest
Please view or discuss this issue at https://github.com/w3c/webauthn/issues/345#issuecomment-293281296 using your GitHub account

Received on Tuesday, 11 April 2017 14:29:20 UTC