Re: [webauthn] The default value of `attestation` member in `PublicKeyCredentialRequestOptions` should be null or must not have default value (#1941)

While prototyping this feature, I found that there are some of procedures defined in the spec.
If the attestationFormats of the inputs from the webauthn client, which is based on the relying party input ([attestation](https://w3c.github.io/webauthn/#dom-publickeycredentialrequestoptions-attestation), [attestationFormats](https://w3c.github.io/webauthn/#dom-publickeycredentialrequestoptions-attestationformats)), the authenticator would fallback to the `none` which is not the none attestation format, but assertion without attestation.

So, the authenticator and the webauthn client might not return attestationObject in the assertion response.
But, as a RP, when implementing the webauthn server API, we refer the IDL. In addition, `attestation` defaulting to `none` in assertion would make some confusions, because the attestation in creation would return `none` attestation statement in the response in such cases, while the attestation in authentication does not return any attestation statement for the same case.

-- 
GitHub Notification of comment by Kieun
Please view or discuss this issue at https://github.com/w3c/webauthn/issues/1941#issuecomment-1690744421 using your GitHub account


-- 
Sent via github-notify-ml as configured in https://github.com/w3c/github-notify-ml-config

Received on Wednesday, 23 August 2023 22:49:26 UTC