Bug 235421 - WebAuthn API Error message poorly written for missing pubKeyCredParams
Summary: WebAuthn API Error message poorly written for missing pubKeyCredParams
Status: RESOLVED FIXED
Alias: None
Product: WebKit
Classification: Unclassified
Component: WebCore Misc. (show other bugs)
Version: Safari 15
Hardware: Mac (Intel) macOS 11
: P2 Minor
Assignee: j_pascoe@apple.com
URL:
Keywords: InRadar
Depends on:
Blocks: 237109
  Show dependency treegraph
 
Reported: 2022-01-20 14:20 PST by Justin Lowery
Modified: 2022-05-26 14:47 PDT (History)
5 users (show)

See Also:


Attachments
Patch (1.98 KB, patch)
2022-02-22 16:36 PST, j_pascoe@apple.com
no flags Details | Formatted Diff | Diff
Patch (3.58 KB, patch)
2022-02-23 09:38 PST, j_pascoe@apple.com
no flags Details | Formatted Diff | Diff
Patch (3.51 KB, patch)
2022-02-23 13:33 PST, j_pascoe@apple.com
no flags Details | Formatted Diff | Diff

Note You need to log in before you can comment on or make changes to this bug.
Description Justin Lowery 2022-01-20 14:20:18 PST
Hello all,

After doing regression testing for our (ForgeRock) SDK and its WebAuthn implementation, we came across this error in Safari that was impossible to understand:

> No desired properties of the to be created credential are provided

The only thing that helped us figure out the underlying issue (after a Google search) was the code comment above this line of code in your Github repo: https://github.com/WebKit/webkit/blob/main/Source/WebCore/Modules/webauthn/AuthenticatorCoordinator.cpp#L143. I would like to suggest that this error message be rewritten to help others find the cause of the error.

Thanks,

Justin
Comment 1 Radar WebKit Bug Importer 2022-01-21 08:24:23 PST
<rdar://problem/87884875>
Comment 2 j_pascoe@apple.com 2022-02-22 16:36:16 PST
Created attachment 452915 [details]
Patch
Comment 3 j_pascoe@apple.com 2022-02-23 09:38:33 PST
Created attachment 452991 [details]
Patch
Comment 4 Brent Fulgham 2022-02-23 10:06:41 PST
Comment on attachment 452991 [details]
Patch

View in context: https://bugs.webkit.org/attachment.cgi?id=452991&action=review

> Source/WebCore/Modules/webauthn/AuthenticatorCoordinator.cpp:144
> +        promise.reject(Exception { NotSupportedError, "No desired properties of the to be created credential are provided (No valid values in options.pubKeyCredParams)."_s });

This message is strangely worded. Is it defined by a spec?

Actually, doesn't step 10 say [1]:

[... if options.pubKeyCredParams's size is zero]: "ero
Append the following pairs of PublicKeyCredentialType and COSEAlgorithmIdentifier values to credTypesAndPubKeyAlgs:

public-key and -7 ("ES256").
public-key and -257 ("RS256").

[1] "https://www.w3.org/TR/webauthn-2/#CreateCred-DetermineRpId
Comment 5 Brent Fulgham 2022-02-23 10:09:03 PST
Comment on attachment 452991 [details]
Patch

View in context: https://bugs.webkit.org/attachment.cgi?id=452991&action=review

>> Source/WebCore/Modules/webauthn/AuthenticatorCoordinator.cpp:144
>> +        promise.reject(Exception { NotSupportedError, "No desired properties of the to be created credential are provided (No valid values in options.pubKeyCredParams)."_s });
> 
> This message is strangely worded. Is it defined by a spec?
> 
> Actually, doesn't step 10 say [1]:
> 
> [... if options.pubKeyCredParams's size is zero]: "ero
> Append the following pairs of PublicKeyCredentialType and COSEAlgorithmIdentifier values to credTypesAndPubKeyAlgs:
> 
> public-key and -7 ("ES256").
> public-key and -257 ("RS256").
> 
> [1] "https://www.w3.org/TR/webauthn-2/#CreateCred-DetermineRpId

At any rate, maybe the message could be something like:

"Unable to create a credential because options.pubKeyCredParams is empty"?
Comment 6 j_pascoe@apple.com 2022-02-23 13:33:33 PST
Created attachment 453021 [details]
Patch
Comment 7 Brent Fulgham 2022-02-23 13:34:20 PST
Comment on attachment 453021 [details]
Patch

r=me
Comment 8 EWS 2022-02-23 14:34:58 PST
Committed r290392 (247706@main): <https://commits.webkit.org/247706@main>

All reviewed patches have been landed. Closing bug and clearing flags on attachment 453021 [details].
Comment 9 Brent Fulgham 2022-05-26 14:47:10 PDT
This fix shipped with Safari 15.5 (all platforms).