[webauthn] authenticatorGetAssertion has no ConstraintError step for requireUserVerification from Emil Lundberg via GitHub on 2018-07-04 (public-webauthn@w3.org from July 2018)

From: Emil Lundberg via GitHub <sysbot+gh@w3.org>
Date: Wed, 04 Jul 2018 11:48:56 +0000
To: public-webauthn@w3.org
Message-ID: <issues.opened-338244675-1530704935-sysbot+gh@w3.org>

emlun has just created a new issue for https://github.com/w3c/webauthn:

== authenticatorGetAssertion has no ConstraintError step for requireUserVerification ==
[authenticatorMakeCredential][mc] has the step

>5. If _requireUserVerification_ is `true` and the authenticator cannot perform user verification, return an error code equivalent to "`ConstraintError`" and terminate the operation.

[authenticatorGetAssertion][ga] also has a _requireUserVerification_ parameter, but no equivalent step returning a "`ConstraintError`" if it is not supported. Step 7 reads

>7. [...]
>
>If _requireUserVerification_ is true, the method of obtaining user consent MUST include user verification.
>
>[...]

but leaves unspecified what should happen if this MUST cannot be satisfied.

CTAP does return identical error codes from both operations if the argument value is unsupported, so adding the missing step to authenticatorGetAsserion would not affect compatibility with CTAP.

[mc]: https://w3c.github.io/webauthn/#op-make-cred
[ga]: https://w3c.github.io/webauthn/#op-get-assertion


Please view or discuss this issue at https://github.com/w3c/webauthn/issues/983 using your GitHub account

Received on Wednesday, 4 July 2018 11:49:07 UTC