Re: [webauthn] `CredentialRequestOptions` make otherwise valid values invalid in an undesirable way from =JeffH via GitHub on 2018-01-17 (public-webauthn@w3.org from January 2018)

From: =JeffH via GitHub <sysbot+gh@w3.org>
Date: Wed, 17 Jan 2018 19:14:17 +0000
To: public-webauthn@w3.org
Message-ID: <issue_comment.created-358411164-1516216456-sysbot+gh@w3.org>

we discussed this on [17-Jan-2018 webauthn call](https://www.w3.org/2018/01/17-webauthn-minutes.html). This requires some thought and reading-up on https://github.com/heycam/webidl/issues/76.

During the discussion, we noted that we _could_ nominally remove the "required" stipulation for `PublicKeyCredentialRequestOptions.challenge`, and note in spec prose that if one does not pass in a challenge when calling `navigator.credentials.{create(),get()}`, that the latter calls will not succeed (in some fashion...throw an error? return a null credential/assertion?). 

Though we noted that such an approach is not ideal and we need to research and discuss this issue further.  

Note also I believe @jcjones noted that the resolution to https://github.com/heycam/webidl/issues/76 is already implemented in Mozilla's Gecko.

-- 
GitHub Notification of comment by equalsJeffH
Please view or discuss this issue at https://github.com/w3c/webauthn/issues/750#issuecomment-358411164 using your GitHub account

Received on Wednesday, 17 January 2018 19:14:21 UTC