- From: RyannaArline via GitHub <sysbot+gh@w3.org>
- Date: Wed, 16 Mar 2022 00:34:19 +0000
- To: public-webauthn@w3.org
i have no idea what i am doing
On Tue, Mar 15, 2022 at 1:11 PM Nina Satragno ***@***.***>
wrote:
> ***@***.**** commented on this pull request.
>
> Thank you for your work here! I think this might require a little more
> work to avoid breaking the Credential Management integration. Happy to
> answer any questions you might have.
> ------------------------------
>
> In index.bs
> <https://github.com/w3c/webauthn/pull/1706#discussion_r827365417>:
>
> > :: [=set/For each=] |authenticator| in |issuedRequests| invoke the [=authenticatorCancel=]
> - operation on |authenticator| and [=set/remove=] |authenticator| from |issuedRequests|. Then return a {{DOMException}}
> - whose name is "{{AbortError}}" and terminate this algorithm.
> + operation on |authenticator| and [=set/remove=] |authenticator| from |issuedRequests|. Then return the
> + <code>|options|.{{CredentialCreationOptions/signal}}</code>'s [=AbortSignal/abort reason=] and terminate this algorithm.
>
> Piggybacking off @annevk <https://github.com/annevk>'s comment: this
> breaks the contract that [[Create]] will always return null, a credential,
> or an exception
> <https://w3c.github.io/webappsec-credential-management/#algorithm-create-cred>
> since the abort reason can be anything. It is important to maintain this
> contract so that the Create a Credential
> <https://w3c.github.io/webappsec-credential-management/#algorithm-create>
> algorithm doesn't break in unexpected ways.
>
> A way to solve this would be to wrap the abort reason in some other
> object (maybe in an AbortError exception?) and handling that specific
> case in credential management's Create a credential algorithm step 10
> <https://w3c.github.io/webappsec-credential-management/#:~:text=Run%20the%20following,Create%5D%5D%20internal%20method>
> .).
> ------------------------------
>
> In index.bs
> <https://github.com/w3c/webauthn/pull/1706#discussion_r827368421>:
>
> > @@ -2097,9 +2096,8 @@ When this method is invoked, the user agent MUST execute the following algorithm
>
> 1. Let |clientDataHash| be the [=hash of the serialized client data=] represented by |clientDataJSON|.
>
> -1. If the <code>|options|.{{CredentialRequestOptions/signal}}</code> is present and its
> - [=AbortSignal/aborted flag=] is set to [TRUE], return a {{DOMException}} whose name is "{{AbortError}}"
> - and terminate this algorithm.
> +1. If the <code>|options|.{{CredentialRequestOptions/signal}}</code> is present and [=AbortSignal/aborted=], return
>
> This has the same issues
> <https://w3c.github.io/webappsec-credential-management/#algorithm-discover-creds>
> as credential creation, and I suspect an equivalent fix would work.
>
> —
> Reply to this email directly, view it on GitHub
> <https://github.com/w3c/webauthn/pull/1706#pullrequestreview-910756916>,
> or unsubscribe
> <https://github.com/notifications/unsubscribe-auth/AYB3TUWRQHE24FQ4JNE454LVADVFXANCNFSM5QXIML7Q>
> .
> Triage notifications on the go with GitHub Mobile for iOS
> <https://apps.apple.com/app/apple-store/id1477376905?ct=notification-email&mt=8&pt=524675>
> or Android
> <https://play.google.com/store/apps/details?id=com.github.android&referrer=utm_campaign%3Dnotification-email%26utm_medium%3Demail%26utm_source%3Dgithub>.
>
> You are receiving this because you commented.Message ID:
> ***@***.***>
>
--
GitHub Notification of comment by RyannaArline
Please view or discuss this issue at https://github.com/w3c/webauthn/pull/1706#issuecomment-1068605427 using your GitHub account
--
Sent via github-notify-ml as configured in https://github.com/w3c/github-notify-ml-config
Received on Wednesday, 16 March 2022 00:34:20 UTC