[webauthn] PublicKeyCredential.getClientCapabilities() - clarify required permission (#2251) from Hamish Willee via GitHub on 2025-01-31 (public-webauthn@w3.org from January 2025)

From: Hamish Willee via GitHub <sysbot+gh@w3.org>
Date: Fri, 31 Jan 2025 03:22:14 +0000
To: public-webauthn@w3.org
Message-ID: <issues.opened-2822351445-1738293732-sysbot+gh@w3.org>

hamishwillee has just created a new issue for https://github.com/w3c/webauthn:

== PublicKeyCredential.getClientCapabilities() - clarify required permission ==
`PublicKeyCredential.getClientCapabilities()` [spec](https://w3c.github.io/webauthn/#sctn-getClientCapabilities) says:

> Note: Invoking this method from a [browsing context](https://html.spec.whatwg.org/multipage/browsers.html#browsing-context) where the [Web Authentication API](https://w3c.github.io/webauthn/#web-authentication-api) is "disabled" according to the [allowed to use](https://html.spec.whatwg.org/multipage/iframe-embed-object.html#allowed-to-use) algorithm—i.e., by a [permissions policy](https://html.spec.whatwg.org/multipage/dom.html#concept-document-permissions-policy)—will result in the promise being rejected with a [DOMException](https://webidl.spec.whatwg.org/#idl-DOMException) whose name is "[NotAllowedError](https://webidl.spec.whatwg.org/#notallowederror)". See also [§ 5.9 Permissions Policy integration](https://w3c.github.io/webauthn/#sctn-permissions-policy).

However the API is gated by two permissions, and they are quite specific to either creation or fetching credentials. Can you clarify whether it is one permission or both that gates access to this method?

This is for MDN docs for the method https://github.com/mdn/content/issues/37516





Please view or discuss this issue at https://github.com/w3c/webauthn/issues/2251 using your GitHub account


-- 
Sent via github-notify-ml as configured in https://github.com/w3c/github-notify-ml-config

Received on Friday, 31 January 2025 03:22:15 UTC