Bug 241517 - [webauthn] Enums should be DOMStrings
Summary: [webauthn] Enums should be DOMStrings
Status: RESOLVED FIXED
Alias: None
Product: WebKit
Classification: Unclassified
Component: WebKit Misc. (show other bugs)
Version: WebKit Nightly Build
Hardware: Unspecified Unspecified
: P2 Normal
Assignee: j_pascoe@apple.com
URL:
Keywords: InRadar
Depends on:
Blocks: 242960
  Show dependency treegraph
 
Reported: 2022-06-10 13:00 PDT by Nina Satragno
Modified: 2022-08-29 13:33 PDT (History)
3 users (show)

See Also:


Attachments

Note You need to log in before you can comment on or make changes to this bug.
Description Nina Satragno 2022-06-10 13:00:38 PDT
WebAuthn enums should be DOMStrings instead, see the discussion on the spec [1]. If a value is not valid, it should be treated as not present (which usually means it should be converted into the default). This applies to AuthenticatorAttachment, ResidentKeyRequirement, UserVerificationRequirement, and AttestationConveyancePreference.

The spec does not prescribe this, but it might be worth issuing a warning if an unknown value is detected to aid debugging.

Example code:

navigator.credentials.create({
    publicKey: {
        challenge: new Uint8Array(),
        authenticatorSelection: {
            authenticatorAttachment: "not a valid member",
        },
        rp: { name: "rp" },
        user: { displayName: "display", name: "user", id: new Uint8Array() },
        pubKeyCredParams: [],
    }
})

This throws TypeError but it should instead be equivalent to having an empty authenticatorAttachment, and maybe issue a warning instead.

[1] https://github.com/w3c/webauthn/issues/1738
Comment 1 Radar WebKit Bug Importer 2022-06-10 13:04:45 PDT
<rdar://problem/94835072>
Comment 2 j_pascoe@apple.com 2022-06-16 15:50:29 PDT
We can remove AuthenticatorTransport::Cable after this.
Comment 3 j_pascoe@apple.com 2022-07-06 16:36:52 PDT
Pull request: https://github.com/WebKit/WebKit/pull/2143
Comment 4 EWS 2022-07-08 15:26:42 PDT
Committed 252298@main (0ed0c27171ac): <https://commits.webkit.org/252298@main>

Reviewed commits have been landed. Closing PR #2143 and removing active labels.