[webauthn] Suggested use of getTransports() incorrectly calls it from `credential` (#1436) from Matthew Miller via GitHub on 2020-06-07 (public-webauthn@w3.org from June 2020)

From: Matthew Miller via GitHub <sysbot+gh@w3.org>
Date: Sun, 07 Jun 2020 18:35:48 +0000
To: public-webauthn@w3.org
Message-ID: <issues.opened-633650347-1591554947-sysbot+gh@w3.org>

MasterKale has just created a new issue for https://github.com/w3c/webauthn:

== Suggested use of getTransports() incorrectly calls it from `credential` ==
**Section 7.1, step 23** (describing attestation verification) states the following:

> It is RECOMMENDED to also:
> 
> - Associate the credentialId with the transport hints **returned by calling credential.getTransports()**. This value SHOULD NOT be modified before or after storing it. It is RECOMMENDED to use this value to populate the transports of the allowCredentials option in future get() calls to help the client know how to find a suitable authenticator.

**Section 7.2, step 1** (describing assertion verification) states the following:

> If options.allowCredentials is present, the transports member of each value SHOULD be set to the value **returned by credential.getTransports()** when the credential was registered.

These two instances of `credential.getTransports()` should instead be `credential.response.getTransports()` because in the current spec `getTransports()` is defined as [a property of AuthenticatorAttestationResponse](https://w3c.github.io/webauthn/#dom-authenticatorattestationresponse-gettransports).

Please view or discuss this issue at https://github.com/w3c/webauthn/issues/1436 using your GitHub account

Received on Sunday, 7 June 2020 18:35:50 UTC