W3C home > Mailing lists > Public > public-webauthn@w3.org > June 2022

[webauthn] Reconsider having unknown "enum" values being ignored (#1738)

From: Nina Satragno via GitHub <sysbot+gh@w3.org>
Date: Wed, 08 Jun 2022 14:59:19 +0000
To: public-webauthn@w3.org
Message-ID: <issues.opened-1264892774-1654700357-sysbot+gh@w3.org>
nsatragno has just created a new issue for https://github.com/w3c/webauthn:

== Reconsider having unknown "enum" values being ignored ==
WebAuthn says "client platforms MUST ignore unknown values, treating an unknown value as if the member does not exist" for `AuthenticatorAttachment`, `ResidentKeyRequirement`, `UserVerificationRequirement`, `AttestationConveyancePreference`. The reason stated is for [backwards compatibility](https://w3c.github.io/webauthn/#sct-domstring-backwards-compatibility). 

It turns out that all browsers throw a TypeError when they see an unknown value [(here are test results that show this for UserVerificationRequirement)](https://wpt.fyi/results/webauthn/createcredential-badargs-authnrselection.https.html?label=experimental&label=master&aligned). I think we should update the spec to reflect reality. In many cases ignoring an unknown value causes problems anyway (e.g. if the browser ignores conditional mediation) so we have to add some way for the RP to detect new features.

Please view or discuss this issue at https://github.com/w3c/webauthn/issues/1738 using your GitHub account

Sent via github-notify-ml as configured in https://github.com/w3c/github-notify-ml-config
Received on Wednesday, 8 June 2022 14:59:21 UTC

This archive was generated by hypermail 2.4.0 : Tuesday, 5 July 2022 07:26:46 UTC