Bug 241517

Summary: [webauthn] Enums should be DOMStrings
Product: WebKit Reporter: Nina Satragno <nsatragno>
Component: WebKit Misc.Assignee: pascoe <pascoe>
Status: RESOLVED FIXED    
Severity: Normal CC: pascoe, tim.cappalli, webkit-bug-importer
Priority: P2 Keywords: InRadar
Version: WebKit Nightly Build   
Hardware: Unspecified   
OS: Unspecified   
Bug Depends on:    
Bug Blocks: 242960    

Description Nina Satragno 2022-06-10 13:00:38 PDT
WebAuthn enums should be DOMStrings instead, see the discussion on the spec [1]. If a value is not valid, it should be treated as not present (which usually means it should be converted into the default). This applies to AuthenticatorAttachment, ResidentKeyRequirement, UserVerificationRequirement, and AttestationConveyancePreference.

The spec does not prescribe this, but it might be worth issuing a warning if an unknown value is detected to aid debugging.

Example code:

navigator.credentials.create({
    publicKey: {
        challenge: new Uint8Array(),
        authenticatorSelection: {
            authenticatorAttachment: "not a valid member",
        },
        rp: { name: "rp" },
        user: { displayName: "display", name: "user", id: new Uint8Array() },
        pubKeyCredParams: [],
    }
})

This throws TypeError but it should instead be equivalent to having an empty authenticatorAttachment, and maybe issue a warning instead.

[1] https://github.com/w3c/webauthn/issues/1738
Comment 1 Radar WebKit Bug Importer 2022-06-10 13:04:45 PDT
<rdar://problem/94835072>
Comment 2 pascoe@apple.com 2022-06-16 15:50:29 PDT
We can remove AuthenticatorTransport::Cable after this.
Comment 3 pascoe@apple.com 2022-07-06 16:36:52 PDT
Pull request: https://github.com/WebKit/WebKit/pull/2143
Comment 4 EWS 2022-07-08 15:26:42 PDT
Committed 252298@main (0ed0c27171ac): <https://commits.webkit.org/252298@main>

Reviewed commits have been landed. Closing PR #2143 and removing active labels.