webauthn icon indicating copy to clipboard operation
webauthn copied to clipboard

Published 20 hours ago verified publisher icon w3c

Make PublicKeyCredentialRequestOptions.rpId a DOMString

Open zacknewman opened this issue 9 months ago • 3 comments

Both PublicKeyCredentialRpEntity.id and PublicKeyCredentialRequestOptions.rpId represent the same thing (i.e., RP ID); however the former is modeled as a DOMString while the latter is modeled as a USVString. These should be the same type. Specifically PublicKeyCredentialRequestOptions.rpId should be a DOMString as well or PublicKeyCredentialRpEntity.id should be a USVString. Should be noted that PublicKeyCredentialRequestOptionsJSON.rpId is already a DOMString.

zacknewman avatar May 03 '24 16:05 zacknewman

Thanks for pointing this out!

2024-05-15 WG call: Agreed we should change PublicKeyCredentialRpEntity.id to USVString. Strictly speaking this is a breaking change (changing a type bound in input (contravariant) position to be more restrictive), but in practice this shouldn't be able to break any applications since then those credentials wouldn't have worked in get() anyway.

@jschanck Seeing as Firefox is the browser that makes the most actual use of WebIDL - would changing PublicKeyCredentialRpEntity.id to USVString be a problem for Firefox?

emlun avatar May 15 '24 20:05 emlun

No, that wouldn't be a problem.

jschanck avatar May 15 '24 21:05 jschanck

PublicKeyCredentialRequestOptionsJSON.rpId should also be changed to a USVString too.

zacknewman avatar May 15 '24 21:05 zacknewman