[webauthn] `credentials.create` should fail with "NotSupportedError" if `options.pubKeyCredParams` is empty (#1383)

nsatragno has just created a new issue for https://github.com/w3c/webauthn:

== `credentials.create` should fail with "NotSupportedError" if `options.pubKeyCredParams` is empty ==
In the `[[Create]]` method, step 9:

> if credTypesAndPubKeyAlgs is empty and options.pubKeyCredParams is not empty, return a DOMException whose name is "NotSupportedError", and terminate this algorithm.

"NotSupportedError" should be returned if `credTypesAndPubKeyAlgs` is empty regardless of whether `options.pubKeyCredParams` is empty or not. This is because an empty list will fail when sent to authenticators anyway (step 2 of the authenticatorMakeCredential operation), so there is no point in sending the empty list.

At the moment Chrome is immediately throwing `NotSupportedError` (which doesn't match the spec; it should wait for the user to tap an authenticator and return `NotAllowedError` instead) and Firefox is defaulting to `{ type: "public-key", alg: -7 }`.

Please view or discuss this issue at https://github.com/w3c/webauthn/issues/1383 using your GitHub account

Received on Thursday, 5 March 2020 16:52:42 UTC
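
The difference between step 9 as quoted in the issue and the change it proposes, as an added example that is not part of the original message or of the specification text. It is a simplified JavaScript model: the function names, the `SUPPORTED_TYPES` set and the sample inputs are assumptions made for illustration.

```javascript
// Simplified model of how [[Create]] derives credTypesAndPubKeyAlgs (added example).
// Assumption: "public-key" is the only credential type this client supports.
const SUPPORTED_TYPES = new Set(["public-key"]);

// Keep only the entries whose type the client supports.
function buildCredTypesAndPubKeyAlgs(pubKeyCredParams) {
  return pubKeyCredParams
    .filter((p) => SUPPORTED_TYPES.has(p.type))
    .map((p) => ({ type: p.type, alg: p.alg }));
}

// Step 9 as quoted: rejects only when the caller's list was non-empty,
// so an empty pubKeyCredParams passes and an empty list goes to the authenticator.
function step9AsQuoted(pubKeyCredParams) {
  const list = buildCredTypesAndPubKeyAlgs(pubKeyCredParams);
  if (list.length === 0 && pubKeyCredParams.length !== 0) {
    return { error: "NotSupportedError" };
  }
  return { sentToAuthenticator: list };
}

// Step 9 as proposed in the issue: rejects whenever the resulting list is empty.
function step9AsProposed(pubKeyCredParams) {
  const list = buildCredTypesAndPubKeyAlgs(pubKeyCredParams);
  if (list.length === 0) {
    return { error: "NotSupportedError" };
  }
  return { sentToAuthenticator: list };
}

// Constructed inputs covering the three cases the issue distinguishes.
const CASES = {
  empty: [],
  unsupportedOnly: [{ type: "made-up-type", alg: -7 }],
  es256: [{ type: "public-key", alg: -7 }],
};

// Run both variants over every case and return the results side by side.
function compare() {
  const out = {};
  for (const [name, params] of Object.entries(CASES)) {
    out[name] = { quoted: step9AsQuoted(params), proposed: step9AsProposed(params) };
  }
  return out;
}

console.log(JSON.stringify(compare(), null, 2));
```

Only the `empty` case differs between the two variants, which is the gap the issue asks to close.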