
[webauthn] Incorrect use of _options_ variable in `create()` and `get()` definitions (#1752)

From: Emil Lundberg via GitHub <sysbot+gh@w3.org>
Date: Tue, 21 Jun 2022 13:40:13 +0000
To: public-webauthn@w3.org
Message-ID: <issues.opened-1278469324-1655818810-sysbot+gh@w3.org>

emlun has just created a new issue for https://github.com/w3c/webauthn:

== Incorrect use of _options_ variable in `create()` and `get()` definitions ==
[§5.1.3. Create a New Credential](https://w3c.github.io/webauthn/#sctn-createCredential) and [§5.1.4. Use an Existing Credential to Make an Assertion](https://w3c.github.io/webauthn/#sctn-discover-from-external-source) both declare their **options** parameter as the `Credential[Creation|Request]Options` object inherited from CredMan:

>**options**
>This argument is a [`CredentialCreationOptions`](https://w3c.github.io/webappsec-credential-management/#dictdef-credentialcreationoptions) object whose _options_.[`publicKey`](https://w3c.github.io/webauthn/#dom-credentialcreationoptions-publickey) member contains a [`PublicKeyCredentialCreationOptions`](https://w3c.github.io/webauthn/#dictdef-publickeycredentialcreationoptions) object [...]

Both also re-assign the _options_ variable:

>Let _options_ be the value of _options_.[`publicKey`](https://w3c.github.io/webauthn/#dom-credentialrequestoptions-publickey).

But both then also reference _options_.`signal`, which is a member of `Credential[Creation|Request]Options` but not `PublicKeyCredential[Creation|Request]Options`:

>If _options_.[`signal`](https://w3c.github.io/webappsec-credential-management/#dom-credentialrequestoptions-signal) is present and [aborted](https://dom.spec.whatwg.org/#abortsignal-aborted), throw the _options_.[`signal`](https://w3c.github.io/webappsec-credential-management/#dom-credentialrequestoptions-signal)’s [abort reason](https://dom.spec.whatwg.org/#abortsignal-abort-reason).

For correctness, we need to keep a reference to the _options_ inherited from CredMan and either introduce a new variable for its _options_.`pubKey` attribute, or simply reference the WebAuthn-specific parameters using the _options_.`pubKey` prefix.

Please view or discuss this issue at https://github.com/w3c/webauthn/issues/1752 using your GitHub account


-- 
Sent via github-notify-ml as configured in https://github.com/w3c/github-notify-ml-config
Received on Tuesday, 21 June 2022 13:40:15 UTC
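
The variable rebinding described in the issue, modelled in JavaScript as an added example (not part of the original message or of the WebAuthn specification text). It covers only the three quoted steps; the function names and the sample request are constructed for illustration.

```javascript
// Added illustration: models only the spec steps quoted in the issue.
// Function names and sample values are hypothetical, not taken from the spec.

// Steps as written: _options_ is rebound to options.publicKey, so the later
// options.signal lookup lands on PublicKeyCredentialCreationOptions, which
// has no such member, and the abort check can never fire.
function createAsWritten(options) {
  options = options.publicKey; // "Let options be the value of options.publicKey"
  if (options.signal && options.signal.aborted) {
    throw abortReason(options.signal);
  }
  return { ceremony: "started", rpId: options.rp.id };
}

// One of the fixes the issue proposes: keep the CredMan-level options and
// introduce a separate variable for its publicKey member.
function createWithKeptReference(options) {
  const pkOptions = options.publicKey;
  if (options.signal && options.signal.aborted) {
    throw abortReason(options.signal);
  }
  return { ceremony: "started", rpId: pkOptions.rp.id };
}

// The signal's abort reason, with a fallback for runtimes that lack .reason.
function abortReason(signal) {
  return signal.reason !== undefined ? signal.reason : new Error("aborted");
}

// Run one variant against a constructed, already-aborted request.
function outcome(fn) {
  const controller = new AbortController();
  controller.abort();
  const options = {
    signal: controller.signal,
    publicKey: { rp: { id: "example.org" }, challenge: new Uint8Array(16) },
  };
  try {
    return fn(options).ceremony;
  } catch (e) {
    return "aborted";
  }
}

console.log("as written:    ", outcome(createAsWritten));
console.log("kept reference:", outcome(createWithKeptReference));
```

An implementation that followed the quoted steps literally would start the ceremony even though the caller had already aborted it; the second variant stops at the abort check.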
