webauthn
client extension results field name is unclear
Proposed Change
https://www.w3.org/TR/webauthn-2/#idl-index
The issue with this interface is that nowhere in the IDL do we specify the name of the struct member that holds https://www.w3.org/TR/webauthn-2/#dictdef-authenticationextensionsclientoutputs for an attest or auth result. Because of this, it's up to implementers to "work it out" and name a member of publicKeyCredential to hold the extensions output for serialisation and transmission.
Due to this for a long time we worked quite happily with the struct member name "extensions" but MDN defines this as clientExtensionResults.
The IDL and specification need to clearly spell out how a clientExtensionResult should be serialised and under what member name it is attached.
The only hint that this field might be named clientExtensionResult is here:
https://www.w3.org/TR/webauthn-2/#sctn-verifying-assertion
Let clientExtensionResults be the result of calling credential.[getClientExtensionResults()](https://www.w3.org/TR/webauthn-2/#dom-publickeycredential-getclientextensionresults).
But this doesn't indicate that it is credential.clientExtensionResults, only that some nebulous clientExtensionResults value now exists and needs to be sent to the RP.
Alternatively, the argument is that the communication between the JavaScript of the RP and the RP itself is a layer the RP defines, and so clientExtensionResults can be named whatever you want. This makes it harder for someone to bring their own JS to a library like webauthn-rust where they expect a standard name for this field.
An example of where we do this correctly is https://www.w3.org/TR/webauthn-2/#dictdef-publickeycredentialrequestoptions, which clearly spells out which dict member the extension requests belong to.