W3C home > Mailing lists > Public > public-webauthn@w3.org > March 2020

[webauthn] `credentials.create` should fail with "NotSupportedError" if `options.pubKeyCredParams` is empty (#1383)

From: Nina Satragno via GitHub <sysbot+gh@w3.org>
Date: Thu, 05 Mar 2020 16:52:40 +0000
To: public-webauthn@w3.org
Message-ID: <issues.opened-576393895-1583427159-sysbot+gh@w3.org>
nsatragno has just created a new issue for https://github.com/w3c/webauthn:

== `credentials.create` should fail with "NotSupportedError" if `options.pubKeyCredParams` is empty ==
On `[[Create]]` method, step 9:

> if credTypesAndPubKeyAlgs is empty and options.pubKeyCredParams is not empty, return a DOMException whose name is "NotSupportedError", and terminate this algorithm.

"NotSupportedError" should be returned if `credTypesAndPubKeyAlgs` is empty regardless of whether `options.pubKeyCredParams` is empty or not. This is because an empty list will fail when sent to authenticators anyway (step 2 of the authenticatorMakeCredential operation), so there is no point in sending the empty list.

At the moment chrome is immediately throwing `NotSupportedError` (which doesn't match the spec, it should wait for the user to tap an authenticator and return `NotAllowedError` instead) and firefox is defaulting to `{ type: "public-key", alg: -7 }`

Please view or discuss this issue at https://github.com/w3c/webauthn/issues/1383 using your GitHub account
Received on Thursday, 5 March 2020 16:52:42 UTC

This archive was generated by hypermail 2.4.0 : Tuesday, 5 July 2022 07:26:40 UTC