webauthn
Add examples for PRF extension
Proposed Change
Multiple people who are implementing PRF extensions have got the implementation wrong regarding extension fields in request and response.
We have to add some examples for this extension.
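An added example, not part of the issue thread or of the specification text: a small Node.js check of the `prf` request and response fields, following the extension's client processing rules in WebAuthn Level 3. The helper names (`checkPrfRequest`, `readPrfResponse`) and the shapes passed to them are assumptions made for illustration.

```javascript
// Added example: helper names and any sample values are constructed for illustration.
const isBytes = (v) => v instanceof ArrayBuffer || ArrayBuffer.isView(v);
const toB64url = (v) => Buffer.from(
  v instanceof ArrayBuffer ? new Uint8Array(v) : new Uint8Array(v.buffer, v.byteOffset, v.byteLength)
).toString('base64url');

// eval and every evalByCredential entry are { first (required), second (optional) }.
function checkValues(vals, where, errs) {
  if (!vals || !isBytes(vals.first)) errs.push(`TypeError: ${where}.first must be a BufferSource`);
  if (vals && vals.second !== undefined && !isBytes(vals.second))
    errs.push(`TypeError: ${where}.second must be a BufferSource`);
}

// ceremony is 'create' or 'get'; publicKey is the object passed as { publicKey } to that call.
function checkPrfRequest(ceremony, publicKey) {
  const errs = [];
  const prf = publicKey.extensions?.prf;
  if (prf === undefined) return ['prf is missing from extensions'];
  if (prf.eval !== undefined) checkValues(prf.eval, 'prf.eval', errs);
  const byCred = prf.evalByCredential;
  if (byCred === undefined) return errs;
  if (ceremony === 'create')
    return [...errs, 'NotSupportedError: evalByCredential is only valid in get()'];
  const allowed = new Set((publicKey.allowCredentials ?? []).map((c) => toB64url(c.id)));
  if (Object.keys(byCred).length > 0 && allowed.size === 0)
    return [...errs, 'NotSupportedError: evalByCredential requires allowCredentials'];
  for (const [key, vals] of Object.entries(byCred)) {
    // Keys are base64url credential IDs and must match an allowCredentials entry.
    if (key === '' || !allowed.has(key))
      errs.push(`SyntaxError: key "${key}" is not the base64url id of an allowed credential`);
    checkValues(vals, `prf.evalByCredential["${key}"]`, errs);
  }
  return errs;
}

// Reads the object returned by credential.getClientExtensionResults().
// create() reports prf.enabled; get() reports prf.results.first (and .second if requested).
function readPrfResponse(ceremony, clientExtensionResults) {
  const prf = clientExtensionResults.prf;
  if (!prf) return { supported: false, first: null, second: null };
  const first = prf.results?.first ?? null;
  const second = prf.results?.second ?? null;
  const supported = ceremony === 'create' ? prf.enabled === true : first !== null;
  return { supported, first, second };
}
```
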
I've got a sample prf tester HTML doc in a gist that has seemed to survive scrutiny so far (or maybe it's the reason why people are doing prf incorrectly 😅)
https://gist.github.com/MasterKale/dbe39a01438251f0cbd55576304731fd
Anything in here we might want to borrow? That said, there are plenty of footguns with prf and so if we do include examples we should include plenty of disclaimers that e.g. deleting a passkey permanently prevents access to anything protected by that passkey's corresponding PRF bytes.
Related:
- https://github.com/w3c/webauthn/issues/1633
From WG Meeting @ 7/17: Examples of using PRF seem more applicable as either test vectors or as externally produced documentation. Let's bucket this as something to address as part of #1633.
@akshayku Need PR open