W3C home > Mailing lists > Public > public-webauthn@w3.org > June 2018

Re: [webauthn] appid extension: value when not acted upon?

From: Emil Lundberg via GitHub <sysbot+gh@w3.org>
Date: Wed, 13 Jun 2018 09:14:49 +0000
To: public-webauthn@w3.org
Message-ID: <issue_comment.created-396870987-1528881288-sysbot+gh@w3.org>
This is documented, perhaps not clearly enough in [ยง9. WebAuthn Extensions][ext]:

>All WebAuthn extensions are OPTIONAL for both clients and authenticators. Thus, any extensions requested by a Relying Party MAY be ignored by the client browser or OS and not passed to the authenticator at all, or they MAY be ignored by the authenticator. Ignoring an extension is never considered a failure in WebAuthn API processing, so when Relying Parties include extensions with any API calls, they MUST be prepared to handle cases where some or all of those extensions are ignored.

If an extension is not acted upon, then no value will be added to the extension outputs.

[ext]: https://w3c.github.io/webauthn/#extensions

-- 
GitHub Notification of comment by emlun
Please view or discuss this issue at https://github.com/w3c/webauthn/issues/948#issuecomment-396870987 using your GitHub account
Received on Wednesday, 13 June 2018 09:14:54 UTC

This archive was generated by hypermail 2.4.0 : Tuesday, 5 July 2022 07:26:33 UTC