Re: [webauthn] New PublicKeyCredential methods for JSON (de)serialization (#1703) from Matthew Miller via GitHub on 2022-06-21 (public-webauthn@w3.org from June 2022)

From: Matthew Miller via GitHub <sysbot+gh@w3.org>
Date: Tue, 21 Jun 2022 05:49:15 +0000
To: public-webauthn@w3.org
Message-ID: <issue_comment.created-1161293832-1655790553-sysbot+gh@w3.org>

I like to resolve all comments in my PR's before the changes land, so I'm highlighting the last unresolved comment on this PR. It's a conversation @kreichgauer and I are having on a comment made back in April (we're nearly 100 comments on this 😱): https://github.com/w3c/webauthn/pull/1703#discussion_r902152703

Martin mentioned this:

> I agree with the desire to aid developers as much as we can, and I agree that the structure of the API with create() and get() returning the same interface type but encapsulating two different response dictionary types is…awkward. (It's a side effect of having WebAuthn bolted on top of Credential Management, but our developers/users shouldn't care about that.) However, I'm kind of on the fence whether I find the separate inheritance hierarchy for JSON serialization more or less confusing. I guess it depends on whether you think the hypothetical WebAuthn developer would first look at the PublicKeyCredential interface IDL or not? If they did, comparing the two and realizing that they're different in weird subtle ways (beyond the binary->base64url conversion) I think could be a bit puzzling? If on the other hand, we'd assume the hypothetical developer would only ever see the JSON IDL, I agree what you propose would be simpler to grok.

And I responded: 

> Can we leave comments in IDL definitions? I want to believe a developer who doesn't want to get too deep into things will jump to these JSON methods, but it's probably more realistic that they'd stumble on `PublicKeyCredential` first and then the JSON IDL. If we could leave comments in the JSON IDL explaining why there are split types then perhaps we can have the best of both worlds.

I'm interested in seeing what others might think about what we're discussing. It might be more useful to continue hashing this out down here, though, since it's easier to find. When some kind of decision is reached I can address whatever might need to change, then go back up into the comment and resolve it.

-- 
GitHub Notification of comment by MasterKale
Please view or discuss this issue at https://github.com/w3c/webauthn/pull/1703#issuecomment-1161293832 using your GitHub account


-- 
Sent via github-notify-ml as configured in https://github.com/w3c/github-notify-ml-config

Received on Tuesday, 21 June 2022 05:49:16 UTC