Bug 241517
| Summary: | [webauthn] Enums should be DOMStrings | ||
|---|---|---|---|
| Product: | WebKit | Reporter: | Nina Satragno <nsatragno> |
| Component: | WebKit Misc. | Assignee: | pascoe <pascoe> |
| Status: | RESOLVED FIXED | ||
| Severity: | Normal | CC: | pascoe, timcappalli, webkit-bug-importer |
| Priority: | P2 | Keywords: | InRadar |
| Version: | WebKit Nightly Build | ||
| Hardware: | Unspecified | ||
| OS: | Unspecified | ||
| Bug Depends on: | |||
| Bug Blocks: | 242960 | ||
Nina Satragno
WebAuthn enums should be DOMStrings instead, see the discussion on the spec [1]. If a value is not valid, it should be treated as not present (which usually means it should be converted into the default). This applies to AuthenticatorAttachment, ResidentKeyRequirement, UserVerificationRequirement, and AttestationConveyancePreference.
The spec does not prescribe this, but it might be worth issuing a warning if an unknown value is detected to aid debugging.
Example code:
navigator.credentials.create({
publicKey: {
challenge: new Uint8Array(),
authenticatorSelection: {
authenticatorAttachment: "not a valid member",
},
rp: { name: "rp" },
user: { displayName: "display", name: "user", id: new Uint8Array() },
pubKeyCredParams: [],
}
})
This throws TypeError but it should instead be equivalent to having an empty authenticatorAttachment, and maybe issue a warning instead.
[1] https://github.com/w3c/webauthn/issues/1738
| Attachments | ||
|---|---|---|
| Add attachment proposed patch, testcase, etc. |
Radar WebKit Bug Importer
<rdar://problem/94835072>
pascoe@apple.com
We can remove AuthenticatorTransport::Cable after this.
pascoe@apple.com
Pull request: https://github.com/WebKit/WebKit/pull/2143
EWS
Committed 252298@main (0ed0c27171ac): <https://commits.webkit.org/252298@main>
Reviewed commits have been landed. Closing PR #2143 and removing active labels.