Re: [webauthn] Does AuthenticationExtensionsClientOutputs key have to be extension identifier or not? (#1430) from Emil Lundberg via GitHub on 2020-06-11 (public-webauthn@w3.org from June 2020)

From: Emil Lundberg via GitHub <sysbot+gh@w3.org>
Date: Thu, 11 Jun 2020 00:01:55 +0000
To: public-webauthn@w3.org
Message-ID: <issue_comment.created-642327782-1591833714-sysbot+gh@w3.org>

On a related note, [§9.2 Defining Extensions](https://www.w3.org/TR/webauthn-2/#sctn-extension-specification) says:

>Any client extension that is processed by the client MUST return a client extension output value so that the WebAuthn Relying Party knows that the extension was honored by the client.

...which is currently not obeyed by the [`appidExclude` extension](https://www.w3.org/TR/webauthn-2/#sctn-appid-exclude-extension). We should either relax this restriction or add an extension output to `appidExclude`. @agl Thoughs?

-- 
GitHub Notification of comment by emlun
Please view or discuss this issue at https://github.com/w3c/webauthn/issues/1430#issuecomment-642327782 using your GitHub account

Received on Thursday, 11 June 2020 00:01:57 UTC