RESOLVED FIXED 235421
WebAuthn API Error message poorly written for missing pubKeyCredParams 
https://bugs.webkit.org/show_bug.cgi?id=235421
Summary WebAuthn API Error message poorly written for missing pubKeyCredParams
Justin Lowery
Reported 2022-01-20 14:20:18 PST
Hello all, After doing regression testing for our (ForgeRock) SDK and its WebAuthn implementation, we came across this error in Safari that was impossible to understand: > No desired properties of the to be created credential are provided The only thing that helped us figure out the underlying issue (after a Google search) was the code comment above this line of code in your Github repo: https://github.com/WebKit/webkit/blob/main/Source/WebCore/Modules/webauthn/AuthenticatorCoordinator.cpp#L143. I would like to suggest that this error message be rewritten to help others find the cause of the error. Thanks, Justin
Attachments
Patch (1.98 KB, patch)
2022-02-22 16:36 PST, pascoe@apple.com 		no flags
DetailsFormatted DiffDiff
Patch (3.58 KB, patch)
2022-02-23 09:38 PST, pascoe@apple.com 		no flags
DetailsFormatted DiffDiff
Patch (3.51 KB, patch)
2022-02-23 13:33 PST, pascoe@apple.com 		no flags
DetailsFormatted DiffDiff
Show Obsolete (2) View All Add attachment proposed patch, testcase, etc.
Radar WebKit Bug Importer
Comment 1 2022-01-21 08:24:23 PST
<rdar://problem/87884875>
pascoe@apple.com
Comment 2 2022-02-22 16:36:16 PST
Created attachment 452915 [details] Patch
pascoe@apple.com
Comment 3 2022-02-23 09:38:33 PST
Created attachment 452991 [details] Patch
Brent Fulgham
Comment 4 2022-02-23 10:06:41 PST
Comment on attachment 452991 [details] Patch View in context: https://bugs.webkit.org/attachment.cgi?id=452991&action=review > Source/WebCore/Modules/webauthn/AuthenticatorCoordinator.cpp:144 > + promise.reject(Exception { NotSupportedError, "No desired properties of the to be created credential are provided (No valid values in options.pubKeyCredParams)."_s }); This message is strangely worded. Is it defined by a spec? Actually, doesn't step 10 say [1]: [... if options.pubKeyCredParams's size is zero]: "ero Append the following pairs of PublicKeyCredentialType and COSEAlgorithmIdentifier values to credTypesAndPubKeyAlgs: public-key and -7 ("ES256"). public-key and -257 ("RS256"). [1] "https://www.w3.org/TR/webauthn-2/#CreateCred-DetermineRpId
Brent Fulgham
Comment 5 2022-02-23 10:09:03 PST
Comment on attachment 452991 [details] Patch View in context: https://bugs.webkit.org/attachment.cgi?id=452991&action=review >> Source/WebCore/Modules/webauthn/AuthenticatorCoordinator.cpp:144 >> + promise.reject(Exception { NotSupportedError, "No desired properties of the to be created credential are provided (No valid values in options.pubKeyCredParams)."_s }); > > This message is strangely worded. Is it defined by a spec? > > Actually, doesn't step 10 say [1]: > > [... if options.pubKeyCredParams's size is zero]: "ero > Append the following pairs of PublicKeyCredentialType and COSEAlgorithmIdentifier values to credTypesAndPubKeyAlgs: > > public-key and -7 ("ES256"). > public-key and -257 ("RS256"). > > [1] "https://www.w3.org/TR/webauthn-2/#CreateCred-DetermineRpId At any rate, maybe the message could be something like: "Unable to create a credential because options.pubKeyCredParams is empty"?
pascoe@apple.com
Comment 6 2022-02-23 13:33:33 PST
Created attachment 453021 [details] Patch
Brent Fulgham
Comment 7 2022-02-23 13:34:20 PST
Comment on attachment 453021 [details] Patch r=me
EWS
Comment 8 2022-02-23 14:34:58 PST
Committed r290392 (247706@main): <https://commits.webkit.org/247706@main> All reviewed patches have been landed. Closing bug and clearing flags on attachment 453021 [details].
Brent Fulgham
Comment 9 2022-05-26 14:47:10 PDT
This fix shipped with Safari 15.5 (all platforms).
Note You need to log in before you can comment on or make changes to this bug.