- From: =JeffH via GitHub <sysbot+gh@w3.org>
- Date: Fri, 13 May 2016 13:36:35 +0000
- To: public-webauthn@w3.org
equalsJeffH has just labeled an issue for https://github.com/w3c/webauthn as "type:technical": == Underspecified error conditions == I don’t see anything in the WebAPI that defines what errors get thrown or how promises get resolved with various error conditions when arguments are passed in wrong. For example, what is the result if `getAssertion` is called without the `assertionChallenge` argument; or what is the result if the `accountInformation` argument of `makeCredential` doesn’t contain a `displayName` attribute? A comment from @vijaybh : > I think there are three buckets of errors that I would write into the spec: 1. Errors that violate the IDL (like the example below, where getAssertion is called without a challenge) – these should not need to be talked about since the IDL layer should reject it with something like SyntaxError. 2. Errors that arise from bad or mutually contradictory parameters – e.g. asking to create a credentials with crypto parameters this UA does not support. 3. Stuff that goes wrong – e.g. authenticator runs out of memory when generating an assertion. > > For #2 and #3 the TAG guidance is to always return a Promise, and reject it with a DOMException or Error in case anything goes wrong. So this is really an exercise in going through the spec, identifying where things can go wrong, and providing an Error or DOMException for each such situation. If you open an issue in the W3C Github and assign it to me, I can take a pass at it. I would add: 4. Authenticator rejects / times out when generating an attestation 5. The blacklist prevents a valid attestation I think those two are spelled out in the spec, but the result is that they “generate an appropriate error”. See https://github.com/w3c/webauthn/issues/53
Received on Friday, 13 May 2016 13:36:37 UTC