[webauthn] Pull Request: Specify what an unknown type credential descriptor being ignored means from Amos Lim via GitHub on 2023-09-18 (public-webauthn@w3.org from September 2023)

From: Amos Lim via GitHub <sysbot+gh@w3.org>
Date: Mon, 18 Sep 2023 16:08:53 +0000
To: public-webauthn@w3.org
Message-ID: <pull_request.opened-1519811159-1695053331-sysbot+gh@w3.org>

amoseui has just submitted a new pull request for https://github.com/w3c/webauthn:

== Specify what an unknown type credential descriptor being ignored means ==
The spec describes that client platforms MUST ignore any PublicKeyCredentialDescriptor with an unknown type. However, there is no further specification about the case when this results in an empty allowCredentials. It must not be treated as an empty list.

The client MUST return an error if none of the listed credentials can be used in allowCredentials. For instance, if all of the listed credentials have PublicKeyCredentialDescriptor with an unknown type, the client MUST throw NotAllowedError.

Fixes #1748

See https://github.com/w3c/webauthn/pull/1966


-- 
Sent via github-notify-ml as configured in https://github.com/w3c/github-notify-ml-config

Received on Monday, 18 September 2023 16:08:55 UTC