Re: [webauthn] Remove `RegistrationResponseJSON.id` and `AuthenticationResponseJSON.id` (#2119)

Looks like `rawId` first appeared in commit https://github.com/w3c/webauthn/pull/384/commits/ab8d74e50493fbe9e49ebb439a2d29337d63cdf1 of PR #384. I don't see any rationale for it in that thread, but this same discussion was brought up in issue #412, which was closed without action as the proposed changes were breaking changes.

> Are user agents expected to encode `id` again so that an RP receives a Credential ID that has been encoded twice or are user agents expected to know that the `USVString` is already a `Base64URLString` and send it as is? If the latter, it seems less confusing to just leave the type as a `USVString`.

User agents are expected to _not_ re-encode `id`, so yes, `id` and `rawId` are essentially aliases in the `*ResponseJSON` context. Fair point about the `Base64URLString` type perhaps making it seem like it would be doubly-encoded, but on the other hand it _is_ a base64 encoded value. @MasterKale any thoughts on that?


> one issue I have as an RP library writer is deciding which Credential ID to use.

I agree that libraries should not tolerate a mismatch between `id` and `rawId`. The server-side library I've worked on, [java-webauthn-server](https://github.com/Yubico/java-webauthn-server/), essentially treats the two as aliases, requires at least one of them to be present and [rejects mismatches if both are present](https://github.com/Yubico/java-webauthn-server/blob/240b8d937e5aeb6d861625dada77035b49b839bf/webauthn-server-core/src/main/java/com/yubico/webauthn/data/PublicKeyCredential.java#L95-L101). That library predates these `*ResponseJSON` types, but the idea is the same.

-- 
GitHub Notification of comment by emlun
Please view or discuss this issue at https://github.com/w3c/webauthn/issues/2119#issuecomment-2284477888 using your GitHub account


Received on Monday, 12 August 2024 16:43:18 UTC
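
The `id`/`rawId` handling discussed above, as an added JavaScript (Node.js) example that is not part of the original comment and is not code from java-webauthn-server: it treats the two fields as aliases, requires at least one, and rejects a mismatch, which is also what an RP would observe if a user agent encoded `id` a second time. The helper names (`decodeBase64UrlStrict`, `resolveCredentialId`) and the sample values are constructed for illustration.

```javascript
// Added example: RP-side resolution of the credential ID from a *ResponseJSON object.
// Helper names are hypothetical; sample values are constructed.

const B64URL_RE = /^[A-Za-z0-9_-]+$/;

// Strictly decode unpadded base64url. Buffer.from() alone silently skips
// invalid characters, so validate the alphabet and round-trip the result.
function decodeBase64UrlStrict(value, field) {
  if (typeof value !== "string" || !B64URL_RE.test(value)) {
    throw new TypeError(`${field} is not an unpadded base64url string`);
  }
  const bytes = Buffer.from(value, "base64url");
  // Rejects impossible lengths and non-zero trailing bits.
  if (bytes.toString("base64url") !== value) {
    throw new TypeError(`${field} is not canonical base64url`);
  }
  return bytes;
}

// Treat `id` and `rawId` as aliases: at least one required, both must agree.
function resolveCredentialId(responseJson) {
  const { id, rawId } = responseJson;
  if (id == null && rawId == null) {
    throw new TypeError("response has neither id nor rawId");
  }
  const fromId = id == null ? null : decodeBase64UrlStrict(id, "id");
  const fromRawId = rawId == null ? null : decodeBase64UrlStrict(rawId, "rawId");
  if (fromId && fromRawId && !fromId.equals(fromRawId)) {
    throw new Error("id and rawId do not match");
  }
  return fromId ?? fromRawId;
}

// Constructed 16-byte credential ID, encoded once as base64url.
const sampleRawId = Buffer.from("0102030405060708090a0b0c0d0e0f10", "hex")
  .toString("base64url");
const okResponse = { id: sampleRawId, rawId: sampleRawId, type: "public-key" };
// Constructed case: `id` encoded a second time, so it no longer matches `rawId`.
const doubleEncoded = {
  ...okResponse,
  id: Buffer.from(sampleRawId, "utf8").toString("base64url"),
};
```

Comparing the decoded bytes rather than the strings keeps the check independent of how each field was transported, and the strict decoder keeps two different strings from silently decoding to the same bytes.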