W3C home > Mailing lists > Public > public-webauthn@w3.org > March 2017

[webauthn] makeCredential should be more precise than NotAllowedError in its last step

From: Jeffrey Yasskin via GitHub <sysbot+gh@w3.org>
Date: Tue, 14 Mar 2017 21:51:41 +0000
To: public-webauthn@w3.org
Message-ID: <issues.opened-214217678-1489528300-sysbot+gh@w3.org>
jyasskin has just created a new issue for https://github.com/w3c/webauthn:

== makeCredential should be more precise than NotAllowedError in its last step ==
https://w3c.github.io/webauthn/#makeCredential ends with

> Reject promise with a DOMException whose name is "NotAllowedError".

However, it can get to this step for a couple reasons besides the user disallowing the operation.

* "If the adjustedTimeout timer expires," it should return a https://heycam.github.io/webidl/#timeouterror
* "If any authenticator returns a status indicating that the user cancelled the operation," NotAllowedError might make sense, but https://heycam.github.io/webidl/#aborterror might make more sense for the user cancelling.
* "If any authenticator returns an error status," should we propagate that error? I see UnknownError, NotSupportedError, and NotAllowedError in https://w3c.github.io/webauthn/#op-make-cred. The UnknownError there also looks suspicious to me. That could be a TypeError.

Please view or discuss this issue at https://github.com/w3c/webauthn/issues/376 using your GitHub account
Received on Tuesday, 14 March 2017 21:51:47 UTC

This archive was generated by hypermail 2.4.0 : Tuesday, 5 July 2022 07:26:25 UTC