[webauthn] makeCredential should be more precise than NotAllowedError in its last step from Jeffrey Yasskin via GitHub on 2017-03-14 (public-webauthn@w3.org from March 2017)

From: Jeffrey Yasskin via GitHub <sysbot+gh@w3.org>
Date: Tue, 14 Mar 2017 21:51:41 +0000
To: public-webauthn@w3.org
Message-ID: <issues.opened-214217678-1489528300-sysbot+gh@w3.org>

jyasskin has just created a new issue for https://github.com/w3c/webauthn:

== makeCredential should be more precise than NotAllowedError in its last step ==
https://w3c.github.io/webauthn/#makeCredential ends with

> Reject promise with a DOMException whose name is "NotAllowedError".

However, it can get to this step for a couple reasons besides the user disallowing the operation.

* "If the adjustedTimeout timer expires," it should return a https://heycam.github.io/webidl/#timeouterror
* "If any authenticator returns a status indicating that the user cancelled the operation," NotAllowedError might make sense, but https://heycam.github.io/webidl/#aborterror might make more sense for the user cancelling.
* "If any authenticator returns an error status," should we propagate that error? I see UnknownError, NotSupportedError, and NotAllowedError in https://w3c.github.io/webauthn/#op-make-cred. The UnknownError there also looks suspicious to me. That could be a TypeError.

Please view or discuss this issue at https://github.com/w3c/webauthn/issues/376 using your GitHub account

Received on Tuesday, 14 March 2017 21:51:47 UTC