-
Notifications
You must be signed in to change notification settings - Fork 167
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Processing model for extensions is very underdefined #270
Comments
This applies to https://w3c.github.io/webauthn/#getAssertion step 4 too. |
* Make makeCredential() more precise. I've linked a lot more terms, reordered explanations to be clearer, and specified some missing behavior. This fixes #273 and improves #270. * Treat rpId as an origin. * Go parallel later in makeCredential(). This fixes #263 and fixes half of #254. * Fix #265. * Fix #266. * Fix annevk's and equalsJeffH's comments. * Refer to #362. * Improve processing of unsupported extensions.
Recording another couple missing bits in the extension processing model:
This is not a complete list of places where the input, output, and important utility operations are underdefined for extension algorithms. Someone who cares about extensions should re-read their use and definitions and file bugs for problems similar to the above. |
PR #389 Addresses the error handling aspects of this and defines a default extension result value so that callers can know that the extension was processed. |
…e TypeError, per @jyasskin (#389) Major polishing of definition and exposition of extensions by selfissued - yay, thx! includes: * Separated proposed changes to extension semantics from PR #386 and use TypeError, per @jyasskin * Added client data descriptions to all extensions. Accepted suggestions by @jyasskin and @vijaybh. * Addressed comments by @jyasskin in issue #270 * Gave distinct names to extension inputs and outputs to make descriptions more precise. * Corrected indexing errors * Addressed additional comments by Jeff Hodges and Jeffrey Yasskin
The extension processing model is now longer very undefined, now that PR #389 has been merged in. We will still find and fix nits (for instance, the JSON string vs. DOMString issue that @jyasskin just pointed out), but we should file other issues for these as we find them and fix them in different PRs. |
I'm not sure how well this can really be specified, but...
https://w3c.github.io/webauthn/#dom-webauthentication-makecredential step 7 says:
It's not clear what that means. Can "an error" include ES exceptions? I see no reason it can't, but then should those be caught or reported?
The text was updated successfully, but these errors were encountered: