Re: [webauthn] New PublicKeyCredential methods for JSON (de)serialization (#1703) from Arnaud Dagnelies via GitHub on 2022-06-18 (public-webauthn@w3.org from June 2022)

From: Arnaud Dagnelies via GitHub <sysbot+gh@w3.org>
Date: Sat, 18 Jun 2022 09:09:31 +0000
To: public-webauthn@w3.org
Message-ID: <issue_comment.created-1159403472-1655543369-sysbot+gh@w3.org>

This is already a great step forward. 

As far as I understand, it is converting *all* ArrayBuffer objects into base64url. I wonder if it would make sense to add some more nuanced conversions.

**For `credentials.create`**


In particular, I would view 2 exceptions:

- The `response.clientDataJSON` contains a raw JSON encoded string. So it would be better to parse this ArrayBuffer directly (like `{"type":"webauthn.create","challenge":"ZmFrZS1pZC05ZDFqazgwa251NA","origin":"http://localhost:63342","crossOrigin":false}` instead or re-encoding this string into base64url.
- The `response.userHandle` contains the plain text "user.id" like `my-john-doe-id` and here also the raw value holds more value than its base64url encoded variant.



-- 
GitHub Notification of comment by dagnelies
Please view or discuss this issue at https://github.com/w3c/webauthn/pull/1703#issuecomment-1159403472 using your GitHub account


-- 
Sent via github-notify-ml as configured in https://github.com/w3c/github-notify-ml-config

Received on Saturday, 18 June 2022 09:09:32 UTC