- From: Emil Lundberg via GitHub <sysbot+gh@w3.org>
- Date: Wed, 04 Oct 2023 15:03:46 +0000
- To: public-webauthn@w3.org
emlun has just created a new issue for https://github.com/w3c/webauthn:
== create() and get() return an algorithm, not a credential ==
Both [§5.1.3. Create a New
Credential](https://w3c.github.io/webauthn/#sctn-createCredential) and [§5.1.4.
Use an Existing Credential to Make an
Assertion](https://w3c.github.io/webauthn/#sctn-discover-from-external-source)
currently resolve with:
> **If any authenticator indicates success,**
>[...]
>3. Let _constructCredentialAlg_ be an algorithm that takes a [global object](https://html.spec.whatwg.org/multipage/webappapis.html#concept-settings-object-global) _global_, and whose steps are:
>[...]
>5. Return _constructCredentialAlg_ and terminate this algorithm.
> **If any authenticator indicates success,**
>[...]
>5. Let _constructAssertionAlg_ be an algorithm that takes a [global object](https://html.spec.whatwg.org/multipage/webappapis.html#concept-settings-object-global) _global_, and whose steps are:
>[...]
>7. Return _constructAssertionAlg_ and terminate this algorithm.
So what's returned is just the procedure for how to create the
[`PublicKeyCredential`](https://w3c.github.io/webauthn/#publickeycredential)
result, not the result itself.
## Proposed Change
It seems like these final steps should instead read:
5. Let _global_ be the [=relevant global object=], as determined by the calling {{CredentialsContainer/create()}} implementation. Return _constructCredentialAlg(global)_ and terminate this algorithm.
Please view or discuss this issue at https://github.com/w3c/webauthn/issues/1984 using your GitHub account
--
Sent via github-notify-ml as configured in https://github.com/w3c/github-notify-ml-config
Received on Wednesday, 4 October 2023 15:03:48 UTC