Re: [webauthn] Clarify how to differentiate between exceptions (#1859)

Just noting that there is precedent in the spec for this: the [`InvalidStateError` in create()](https://w3c.github.io/webauthn/#ref-for-authenticatorcancel%E2%91%A3) explicitly calls out that a more granular error is acceptable because the user has consented to the operation:

>Note: This error status is handled separately because [...] and the user has [consented](https://w3c.github.io/webauthn/#user-consent) to the operation. Given this explicit consent, it is acceptable for this case to be distinguishable to the [Relying Party](https://w3c.github.io/webauthn/#relying-party).

I too was recently surprised that we don't have such a case in `get()` for when the user attempts to use an authenticator that is not registered. There are probably other error causes that could be communicated too ("various failure cases in the hybrid flow" was mentioned on the call). We might end up needing a custom [`DOMException` derived interface](https://webidl.spec.whatwg.org/#idl-DOMException-derived-interfaces) for that.

-- 
GitHub Notification of comment by emlun
Please view or discuss this issue at https://github.com/w3c/webauthn/issues/1859#issuecomment-1789622143 using your GitHub account


Received on Wednesday, 1 November 2023 20:23:04 UTC
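
The asymmetry discussed in the comment above, sketched from the Relying Party's side as an added example (not part of the original message or of the WebAuthn spec): a `create()` rejection named `InvalidStateError` may be reported specifically, while `NotAllowedError` from either call has to be treated as cause unknown. The names `OUTCOME`, `classify`, `attempt` and `rejectingCredentials` are hypothetical, and the credentials container is injected so the code runs outside a browser.

```javascript
// Added example; all helper names here are hypothetical.
const OUTCOME = Object.freeze({
  OK: 'ok',
  ALREADY_REGISTERED: 'already-registered', // distinguishable in create() only
  NOT_ALLOWED: 'not-allowed',               // cause deliberately hidden
});

// Map a rejection from create()/get() to what the RP may conclude from it.
function classify(operation, err) {
  const name = err && err.name;
  if (operation === 'create' && name === 'InvalidStateError') {
    // The user consented on an authenticator matched by excludeCredentials,
    // so the spec allows the RP to tell this case apart.
    return OUTCOME.ALREADY_REGISTERED;
  }
  if (name === 'NotAllowedError') {
    // Cancel, timeout, or (in get()) an unregistered authenticator all look
    // the same here; do not guess the cause in UI text or logs.
    return OUTCOME.NOT_ALLOWED;
  }
  throw err; // Anything else (e.g. SecurityError, bad options) should surface.
}

// In a page, pass navigator.credentials as `credentials`.
async function attempt(credentials, operation, publicKey) {
  try {
    const credential = await credentials[operation]({ publicKey });
    return { outcome: OUTCOME.OK, credential };
  } catch (err) {
    return { outcome: classify(operation, err), credential: null };
  }
}

// Constructed stand-in for navigator.credentials that always rejects.
function rejectingCredentials(errorName) {
  const fail = async () => { throw new DOMException('constructed', errorName); };
  return { create: fail, get: fail };
}
```
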