W3C home > Mailing lists > Public > public-webauthn@w3.org > January 2022

Re: [webauthn] Provide request deserialization, response serialization (#1683)

From: Shane Weeden via GitHub <sysbot+gh@w3.org>
Date: Tue, 11 Jan 2022 20:44:50 +0000
To: public-webauthn@w3.org
Message-ID: <issue_comment.created-1010345374-1641933889-sysbot+gh@w3.org>
From an RP consumability perspective I think this is an excellent idea. Minor nits:
 - In the createOpts example, user.id should be shown as a B64URL input example data rather than 'internalUserId' since it is really bytes (same as challenge).
 - The assertion response can optionally include **userHandle** (not shown in your example)
 
Another concern is how extensions which use ArrayBuffer for input need to be documented. For example the [credBlob extension input](https://fidoalliance.org/specs/fido-v2.1-rd-20210309/fido-client-to-authenticator-protocol-v2.1-rd-20210309.html#sctn-credBlob-extension) is ArrayBuffer rather than JSON. This means that the optionsFromJSON method would need to be "extension aware", which is new behaviour. Not sure if there are any other extensions with this characteristic.

I expect also the JSON/B64URL encodings will eventually need a schema-like specification.


-- 
GitHub Notification of comment by sbweeden
Please view or discuss this issue at https://github.com/w3c/webauthn/issues/1683#issuecomment-1010345374 using your GitHub account


-- 
Sent via github-notify-ml as configured in https://github.com/w3c/github-notify-ml-config
Received on Tuesday, 11 January 2022 20:44:52 UTC

This archive was generated by hypermail 2.4.0 : Thursday, 24 March 2022 20:38:44 UTC