- From: Nina Satragno via GitHub <sysbot+gh@w3.org>
- Date: Fri, 17 Jun 2022 16:21:40 +0000
- To: public-webauthn@w3.org
nsatragno has just created a new issue for https://github.com/w3c/webauthn:
== Better specify what an unknown type credential descriptor being ignored means ==
We use credential descriptors "`PublicKeyCredentialDescriptor`" for allow lists & exclude lists. The spec says
> [...] [client platforms](https://w3c.github.io/webauthn/#client-platform) MUST ignore any [PublicKeyCredentialDescriptor](https://w3c.github.io/webauthn/#dictdef-publickeycredentialdescriptor) with an unknown [type](https://w3c.github.io/webauthn/#dom-publickeycredentialdescriptor-type).
There's no further specification for unknown types. If we follow the spec to the letter, a possible interpretation ends up with:
```javascript
navigator.credentials.get({
  publicKey: {
    allowCredentials: [{type: "not-yet-supported-by-browser", id: <id>}],
  }
});
```
Resulting in an empty `allowCredentials` request, which is definitely not what the RP intended. I think we should immediately return `NotAllowedError` in this case, based on prior text:
> If issuedRequests is empty, options.[allowCredentials](https://w3c.github.io/webauthn/#dom-publickeycredentialrequestoptions-allowcredentials) is not empty, and no authenticator will become available for any [public key credentials](https://w3c.github.io/webauthn/#public-key-credential) therein,
> Indicate to the user that no eligible credential could be found. When the user acknowledges the dialog, throw a "[NotAllowedError](https://webidl.spec.whatwg.org/#notallowederror)" [DOMException](https://webidl.spec.whatwg.org/#idl-DOMException).
This is not a problem for `excludeCredentials`, since in that case the browser will simply discard the unknown credential type.
Please view or discuss this issue at https://github.com/w3c/webauthn/issues/1748 using your GitHub account
--
Sent via github-notify-ml as configured in https://github.com/w3c/github-notify-ml-config
Received on Friday, 17 June 2022 16:21:42 UTC
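
The two readings discussed in the issue above, modelled side by side as an added example; this is not code from the original message, the WebAuthn spec, or any browser. All function names, the `mode` strings and the sample ID are hypothetical, and a plain `Error` named `NotAllowedError` stands in for the `DOMException` a real client would throw.

```javascript
// Added illustration: a simplified model of client-side descriptor filtering.
// "public-key" is the only credential type this model client understands.
const KNOWN_TYPES = new Set(["public-key"]);

// Ignore descriptors with an unknown type, as the quoted spec text requires.
function ignoreUnknownTypes(descriptors = []) {
  return descriptors.filter((d) => KNOWN_TYPES.has(d.type));
}

// Stand-in (assumption) for new DOMException(message, "NotAllowedError").
function notAllowedError(message) {
  const err = new Error(message);
  err.name = "NotAllowedError";
  return err;
}

function describe(allow) {
  return { mode: allow.length === 0 ? "empty-allow-list" : "allow-list", allow };
}

// Literal reading: filter, then continue with whatever is left. A list made
// only of unknown types becomes indistinguishable from "RP sent no list".
function resolveAllowListLiteral(options) {
  return describe(ignoreUnknownTypes(options.allowCredentials));
}

// Reading proposed in the issue: a non-empty list that filters down to
// nothing is a failure, not an empty allow list.
function resolveAllowListProposed(options) {
  const requested = options.allowCredentials ?? [];
  const allow = ignoreUnknownTypes(requested);
  if (requested.length > 0 && allow.length === 0) {
    throw notAllowedError("every allowCredentials entry has an unknown type");
  }
  return describe(allow);
}

// excludeCredentials: unknown entries are simply discarded.
function resolveExcludeList(options) {
  return ignoreUnknownTypes(options.excludeCredentials);
}

// Constructed sample input.
const sampleId = new Uint8Array([1, 2, 3, 4]);
const unknownOnly = [{ type: "not-yet-supported-by-browser", id: sampleId }];
const mixed = [...unknownOnly, { type: "public-key", id: sampleId }];
```

An RP-side check along the same lines (does every descriptor I am about to send carry a type the client is known to support?) avoids depending on which reading a given client implements.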