[webauthn] Reconsider having unknown "enum" values being ignored (#1738) from Nina Satragno via GitHub on 2022-06-08 (public-webauthn@w3.org from June 2022)

From: Nina Satragno via GitHub <sysbot+gh@w3.org>
Date: Wed, 08 Jun 2022 14:59:19 +0000
To: public-webauthn@w3.org
Message-ID: <issues.opened-1264892774-1654700357-sysbot+gh@w3.org>

nsatragno has just created a new issue for https://github.com/w3c/webauthn:

== Reconsider having unknown "enum" values being ignored ==
WebAuthn says "client platforms MUST ignore unknown values, treating an unknown value as if the member does not exist" for `AuthenticatorAttachment`, `ResidentKeyRequirement`, `UserVerificationRequirement`, `AttestationConveyancePreference`. The reason stated is for [backwards compatibility](https://w3c.github.io/webauthn/#sct-domstring-backwards-compatibility). 

It turns out that all browsers throw a TypeError when they see an unknown value [(here are test results that show this for UserVerificationRequirement)](https://wpt.fyi/results/webauthn/createcredential-badargs-authnrselection.https.html?label=experimental&label=master&aligned). I think we should update the spec to reflect reality. In many cases ignoring an unknown value causes problems anyway (e.g. if the browser ignores conditional mediation) so we have to add some way for the RP to detect new features.

Please view or discuss this issue at https://github.com/w3c/webauthn/issues/1738 using your GitHub account


-- 
Sent via github-notify-ml as configured in https://github.com/w3c/github-notify-ml-config

Received on Wednesday, 8 June 2022 14:59:21 UTC