- From: Matthew Miller via GitHub <sysbot+gh@w3.org>
- Date: Tue, 01 Jun 2021 04:37:41 +0000
- To: public-webauthn@w3.org
That was something that always miffed me about the spec: it didn't seem very considerate of developers' time to not require clients to handle encoding to/decoding from Base64URL. [Entire](https://github.com/MasterKale/SimpleWebAuthn/tree/master/packages/browser) [libraries](https://github.com/github/webauthn-json) exist just to handle this song-and-dance especially because, as you said, browser JavaScript lacks native methods to encode/decode Base64URL. It's so much code that could be thrown away if data structures in the spec reflected the common use of JSON to send data between browser and RP in the web application context in which WebAuthn was written for. RPs have an easier time encoding to Base64URL, while browsers, as WebAuthn clients, are better-positioned to encode to Base64URL before returning from `navigator.credentials.create()`/`navigator.credentials.get()`. I'd support efforts to consider such an either/or "`encoded`" option for things like `challenge`'s or credential `id`'s. I think it would reduce a lot of friction to adoption so developers can more easily incorporate this API into their application. -- GitHub Notification of comment by MasterKale Please view or discuss this issue at https://github.com/w3c/webauthn/issues/1619#issuecomment-851797882 using your GitHub account -- Sent via github-notify-ml as configured in https://github.com/w3c/github-notify-ml-config
Received on Tuesday, 1 June 2021 04:37:56 UTC