W3C home > Mailing lists > Public > public-webauthn@w3.org > June 2020

Re: [webauthn] Does AuthenticationExtensionsClientOutputs key have to be extension identifier or not? (#1430)

From: Emil Lundberg via GitHub <sysbot+gh@w3.org>
Date: Thu, 11 Jun 2020 00:01:55 +0000
To: public-webauthn@w3.org
Message-ID: <issue_comment.created-642327782-1591833714-sysbot+gh@w3.org>
On a related note, [ยง9.2 Defining Extensions](https://www.w3.org/TR/webauthn-2/#sctn-extension-specification) says:

>Any client extension that is processed by the client MUST return a client extension output value so that the WebAuthn Relying Party knows that the extension was honored by the client.

...which is currently not obeyed by the [`appidExclude` extension](https://www.w3.org/TR/webauthn-2/#sctn-appid-exclude-extension). We should either relax this restriction or add an extension output to `appidExclude`. @agl Thoughs?

-- 
GitHub Notification of comment by emlun
Please view or discuss this issue at https://github.com/w3c/webauthn/issues/1430#issuecomment-642327782 using your GitHub account
Received on Thursday, 11 June 2020 00:01:57 UTC

This archive was generated by hypermail 2.4.0 : Tuesday, 5 July 2022 07:26:40 UTC