[webauthn] I don't understand how to create a ClientData in makeCredential

bzbarsky has just created a new issue for 

== I don't understand how to create a ClientData in makeCredential ==
step 8 says:

> Use attestationChallenge, callerOrigin and rpId, along with the 
token binding key associated with callerOrigin (if any), to create a 
ClientData structure representing this request. Choose a hash 
algorithm for hashAlg and compute the clientDataJSON and 

ClientData is defined to be a dictionary like so:

    dictionary ClientData {
      required DOMString           challenge;
      required DOMString           origin;
      required AlgorithmIdentifier hashAlg;
      DOMString                    tokenBinding;
      WebAuthnExtensions           extensions;

Alright.  So how do I go about creating one?  

1. I guess I should fill in "challenge" from "attestationChallenge"?  
But "attestationChallenge" is a BufferSource, while "challenge" is a 
DOMString.  How is the DOMString generated from the BufferSource?
2. I guess I should fill in "origin" from "callerOrigin", but the 
former is a DOMString while the latter is an origin; in this case a 
tuple.  How is the DOMString generated?
3. Where in here is rpId used?
4. This is the first mention of a "token binding key" in this 
algorithm.  What is that, and how does one find out whether there is 
one associated with `callerOrigin`?
5. It's not clear to me what "Choose a hash algorithm for hashAlg" 
means in practice.  hashAlg can be either a string or an ES object.  
Which one is it expected to be in this case?  If it's expected to be 
an ES object, then we have a problem because then we need to define 
exactly what "JSON serialization" means for it...
6.  Is "extensions" supposed to be set to anything?  At first glance, 
no, since it's not in the set of data the spec says to use to create 
the ClientData.  But I expect that's a spec bug?

Please view or discuss this issue at 
https://github.com/w3c/webauthn/issues/273 using your GitHub account

Received on Friday, 4 November 2016 20:50:46 UTC