webauthn icon indicating copy to clipboard operation
webauthn copied to clipboard

Published 20 hours ago verified publisher icon w3c

Extensions should specify partial dictionaries that modify AuthenticationExtensionsClient{Inputs, Outputs}JSON

Open jschanck opened this issue 1 year ago • 0 comments

Section 5.1.9 on the parseCreationOptionsFromJSON method states that

any DOMString attributes in PublicKeyCredentialCreationOptionsJSON that correspond to buffer source type attributes in PublicKeyCredentialCreationOptions. This conversion MUST also apply to any client extension inputs processed by the client.

While the expected behavior is reasonably clear, AuthenticationExtensionsClientInputsJSON is defined as the empty dictionary and no extensions currently modify it.

Proposed Change

Every partial dictionary that modifies AuthenticationExtensionsClientInputs or AuthenticationExtensionsClientOutputs should have a matching partial dictionary that modifies AuthenticationExtensionsClientInputsJSON or AuthenticationExtensionsClientOutputsJSON.

Also, as "the conversion" happens before extensions are "processed by the client", the second sentence quoted above should be something like:

This conversion MUST also apply to any client extension inputs supported by the client.

jschanck avatar Sep 20 '23 15:09 jschanck