- From: Emil Lundberg via GitHub <sysbot+gh@w3.org>
- Date: Fri, 19 Jan 2024 14:54:01 +0000
- To: public-webauthn@w3.org
Oh, this is weird - this issue appears in Chrome but not in Firefox. @agl @jschanck is this a bug in either browser? The relevant HTML is this:

```html
<h3 class="heading settled" data-level="7.2" id="sctn-verifying-assertion"><span class="secno">7.2. </span><span class="content">Verifying an Authentication Assertion</span><a class="self-link" href="#sctn-verifying-assertion"></a></h3>
<p>In order to perform an <a data-link-type="dfn" href="#authentication-ceremony" id="ref-for-authentication-ceremony②⑤">authentication ceremony</a>, the <a data-link-type="dfn" href="#relying-party" id="ref-for-relying-party②⑥⑨" aria-expanded="false">Relying Party</a> MUST proceed as follows:</p>
<ol>
 <li data-md="">
  <p>Identify the user being authenticated and let <var>credentialRecord</var> be the <a data-link-type="dfn" href="#credential-record" id="ref-for-credential-record⑨">credential record</a> for the <a data-link-type="dfn" href="https://w3c.github.io/webappsec-credential-management/#concept-credential" id="ref-for-concept-credential①⑧">credential</a>:</p>
  <dl class="switch">
   <dt data-md="">If the user was identified before the <a data-link-type="dfn" href="#authentication-ceremony" id="ref-for-authentication-ceremony②⑥" aria-expanded="false">authentication ceremony</a> was initiated, e.g., via a username or cookie, </dt><dd data-md="">
    <p>verify that the identified <a data-link-type="dfn" href="#user-account" id="ref-for-user-account③③" aria-expanded="false">user account</a> contains a <a data-link-type="dfn" href="#credential-record" id="ref-for-credential-record①⓪">credential record</a> whose <a data-link-type="abstract-op" href="#abstract-opdef-credential-record-id" id="ref-for-abstract-opdef-credential-record-id②">id</a> equals <code><var>credential</var>.<code class="idl"><a data-link-type="idl" href="#dom-publickeycredential-rawid" id="ref-for-dom-publickeycredential-rawid③">rawId</a></code></code>.
    Let <var>credentialRecord</var> be that <a data-link-type="dfn" href="#credential-record" id="ref-for-credential-record①①" aria-expanded="false">credential record</a>. If <code><var>response</var>.<code class="idl"><a data-link-type="idl" href="#dom-authenticatorassertionresponse-userhandle" id="ref-for-dom-authenticatorassertionresponse-userhandle⑥">userHandle</a></code></code> is present, verify that it equals the <a data-link-type="dfn" href="#user-handle" id="ref-for-user-handle②④" aria-expanded="false">user handle</a> of the <a data-link-type="dfn" href="#user-account" id="ref-for-user-account③④">user account</a>.</p>
   </dd><dt data-md="">If the user was not identified before the <a data-link-type="dfn" href="#authentication-ceremony" id="ref-for-authentication-ceremony②⑦">authentication ceremony</a> was initiated, </dt><dd data-md="">
    <p>verify that <code><var>response</var>.<code class="idl"><a data-link-type="idl" href="#dom-authenticatorassertionresponse-userhandle" id="ref-for-dom-authenticatorassertionresponse-userhandle⑦">userHandle</a></code></code> is present. Verify that the <a data-link-type="dfn" href="#user-account" id="ref-for-user-account③⑤" aria-expanded="false">user account</a> identified by <code><var>response</var>.<code class="idl"><a data-link-type="idl" href="#dom-authenticatorassertionresponse-userhandle" id="ref-for-dom-authenticatorassertionresponse-userhandle⑧">userHandle</a></code></code> contains a <a data-link-type="dfn" href="#credential-record" id="ref-for-credential-record①②">credential record</a> whose <a data-link-type="abstract-op" href="#abstract-opdef-credential-record-id" id="ref-for-abstract-opdef-credential-record-id③">id</a> equals <code><var>credential</var>.<code class="idl"><a data-link-type="idl" href="#dom-publickeycredential-rawid" id="ref-for-dom-publickeycredential-rawid④">rawId</a></code></code>.
    Let <var>credentialRecord</var> be that <a data-link-type="dfn" href="#credential-record" id="ref-for-credential-record①③" aria-expanded="false">credential record</a>.</p>
   </dd></dl>
 </li>
 <li data-md="">
  <p>Let <var>cData</var>, <var>authData</var> and <var>sig</var> denote the value of <var>response</var>’s <code class="idl"><a data-link-type="idl" href="#dom-authenticatorresponse-clientdatajson" id="ref-for-dom-authenticatorresponse-clientdatajson①⓪">clientDataJSON</a></code>, <code class="idl"><a data-link-type="idl" href="#dom-authenticatorassertionresponse-authenticatordata" id="ref-for-dom-authenticatorassertionresponse-authenticatordata②" aria-expanded="false">authenticatorData</a></code>, and <code class="idl"><a data-link-type="idl" href="#dom-authenticatorassertionresponse-signature" id="ref-for-dom-authenticatorassertionresponse-signature②">signature</a></code> respectively.</p>
 </li>
</ol>
```

## Chrome

In Chrome (120.0.6099.216 (Official Build) (64-bit)) this renders as:

![screenshot-2024-01-19T15:46:50+01:00](https://github.com/w3c/webauthn/assets/1367758/7a9dcd39-77cc-48cb-ab4d-53352812e7f6)

## Firefox

In Firefox (121.0.1 (64-bit)) this renders as:

![screenshot-2024-01-19T15:47:34+01:00](https://github.com/w3c/webauthn/assets/1367758/010aa928-5a02-43d4-b609-dcbb92be9453)

--
GitHub Notification of comment by emlun
Please view or discuss this issue at https://github.com/w3c/webauthn/issues/1913#issuecomment-1900564473 using your GitHub account

--
Sent via github-notify-ml as configured in https://github.com/w3c/github-notify-ml-config
Received on Friday, 19 January 2024 14:54:04 UTC
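
The spec HTML quoted in the message describes step 1 of assertion verification (resolving `credentialRecord` and checking `userHandle`). As an added example, not part of the original message or of the WebAuthn specification, here is one way a Relying Party could implement that switch; the account shape, the constructed sample data and the `findAccountByUserHandle` lookup are assumptions.

```javascript
// Added example: step 1 of "Verifying an Authentication Assertion" as quoted above.
// Assumed account shape: { userHandle: bytes, credentialRecords: [{ id: bytes, ... }] }.

// Compare two byte sequences (ArrayBuffer or Uint8Array) by content.
function bytesEqual(a, b) {
  const x = new Uint8Array(a), y = new Uint8Array(b);
  if (x.length !== y.length) return false;
  let diff = 0;
  for (let i = 0; i < x.length; i++) diff |= x[i] ^ y[i];
  return diff === 0;
}

// preIdentifiedAccount: the account found via username or cookie, or null.
// findAccountByUserHandle: hypothetical lookup returning an account or undefined.
function resolveCredentialRecord(credential, preIdentifiedAccount, findAccountByUserHandle) {
  const { rawId, response } = credential;
  const userHandle = response.userHandle; // null when the authenticator returned none
  let account;
  if (preIdentifiedAccount) {
    // User identified before the ceremony: userHandle is optional,
    // but if present it must equal the account's user handle.
    account = preIdentifiedAccount;
    if (userHandle != null && !bytesEqual(userHandle, account.userHandle)) {
      throw new Error("userHandle does not match the identified user account");
    }
  } else {
    // User not identified before the ceremony: userHandle is the only link to an account.
    if (userHandle == null) throw new Error("userHandle must be present");
    account = findAccountByUserHandle(userHandle);
    if (!account) throw new Error("no user account for this userHandle");
  }
  // In both branches the account must own a credential record whose id equals rawId.
  const record = account.credentialRecords.find((r) => bytesEqual(r.id, rawId));
  if (!record) throw new Error("user account has no credential record with this rawId");
  return record;
}

// Constructed sample data (not real credentials).
const alice = {
  userHandle: Uint8Array.of(1, 2, 3, 4),
  credentialRecords: [{ id: Uint8Array.of(0xaa, 0xbb), label: "alice-key" }],
};
const mallory = {
  userHandle: Uint8Array.of(9, 9, 9, 9),
  credentialRecords: [{ id: Uint8Array.of(0xcc, 0xdd), label: "mallory-key" }],
};
const accounts = [alice, mallory];
const findAccount = (h) => accounts.find((a) => bytesEqual(a.userHandle, h));
```

The lookup is always scoped to one account, so a credential ID registered to a different user is rejected even when it exists elsewhere in the database.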