Re: [webauthn] appid extension: value when not acted upon?

This is documented, perhaps not clearly enough in [ยง9. WebAuthn Extensions][ext]:

>All WebAuthn extensions are OPTIONAL for both clients and authenticators. Thus, any extensions requested by a Relying Party MAY be ignored by the client browser or OS and not passed to the authenticator at all, or they MAY be ignored by the authenticator. Ignoring an extension is never considered a failure in WebAuthn API processing, so when Relying Parties include extensions with any API calls, they MUST be prepared to handle cases where some or all of those extensions are ignored.

If an extension is not acted upon, then no value will be added to the extension outputs.


GitHub Notification of comment by emlun
Please view or discuss this issue at using your GitHub account

Received on Wednesday, 13 June 2018 09:14:54 UTC