Re: [webauthn] What does "the extension was acted upon" mean for the AppID extension?

(I continue to believe that `appid` should not have a return value.)

Chrome's behaviour is that the appid return value exactly mirrors the input value. (I.e. case (1).) The motivation here is that option (2) is moot: the RP knows whether the credential was registered with U2F and so, if such a credential worked via webauthn, then clearly the extension was respected.

Also, Chrome's behaviour is that appid is _always_ returned (even if appid wasn't a specified extension) because the return value element isn't optional. We're probably going to change that to just unilaterally make it optional in Chrome ([bug](https://bugs.chromium.org/p/chromium/issues/detail?id=853770)).

-- 
GitHub Notification of comment by agl
Please view or discuss this issue at https://github.com/w3c/webauthn/issues/982#issuecomment-402135336 using your GitHub account

Received on Tuesday, 3 July 2018 12:18:10 UTC
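
The relying-party side of the point made in the comment above, as an added example that is not part of the original message and is not Chrome's or the WebAuthn project's code: the scope check on an assertion is driven by how the stored credential was registered, and the client's `appid` output is only recorded. `RP_ID`, `APP_ID`, the helper names and the sample authenticator data are assumptions constructed for illustration.

```python
import hashlib
import hmac

RP_ID = "example.com"                           # constructed RP ID
APP_ID = "https://example.com/u2f-app-id.json"  # constructed legacy U2F AppID


def scope_hash(scope: str) -> bytes:
    return hashlib.sha256(scope.encode("utf-8")).digest()


def make_auth_data(scope: str, sign_count: int = 5) -> bytes:
    """Constructed authenticator data: rpIdHash(32) | flags(1) | signCount(4)."""
    return scope_hash(scope) + b"\x01" + sign_count.to_bytes(4, "big")


def verify_scope(auth_data: bytes, registered_via_u2f: bool,
                 client_outputs: dict) -> dict:
    """Check rpIdHash against the scope the stored credential is bound to.

    A U2F-registered credential is bound to SHA-256(AppID), a
    WebAuthn-registered one to SHA-256(RP ID). The client's `appid`
    output is kept for logging but never decides the outcome, because a
    client may mirror the input, always return a value, or omit it.
    """
    result = {"accepted": False,
              "client_reported_appid": client_outputs.get("appid")}
    if len(auth_data) < 37:  # too short to hold hash, flags and counter
        return result
    expected = scope_hash(APP_ID if registered_via_u2f else RP_ID)
    # Constant-time comparison of the first 32 bytes (rpIdHash).
    result["accepted"] = hmac.compare_digest(auth_data[:32], expected)
    return result


if __name__ == "__main__":
    # WebAuthn credential, client echoes appid=True because it was requested.
    print(verify_scope(make_auth_data(RP_ID), False, {"appid": True}))
    # U2F credential, client omits the appid output entirely.
    print(verify_scope(make_auth_data(APP_ID), True, {}))
```

This covers only the rpIdHash check; signature, challenge, origin and counter verification still apply to the same assertion.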