Document registration exceptions

w3c · May 1, 2024 · 08c5f8d · 08c5f8d
1 parent fb8d620
commit 08c5f8d
Showing 1 changed file with 21 additions and 11 deletions.
diff --git a/index.bs b/index.bs
@@ -2204,32 +2204,42 @@ authorizing an authenticator.
 
 #### Registration API Exceptions
 
-[=[RP]=]'s should prepare to encounter the following {{DOMException|DOMExceptions}} from a call to {{CredentialsContainer/create()|navigator.credentials.create()}}:
+[=[WRPS]=] can encounter the following {{DOMException|DOMExceptions}} from a call to {{CredentialsContainer/create()|navigator.credentials.create()}}. Some errors can have multiple reasons for why they happened, requiring the [=[WRPS]=] to infer the actual reason based on their use of WebAuthn:
 
 <dl dfn-type="argument" dfn-for="Registration API Exceptions">
     :   <dfn>AbortError</dfn>
-    ::  Definition here
+    ::  The ceremony was cancelled via an {{AbortController}}
+        (see [[#sctn-abortoperation]] and [[#sctn-sample-aborting]] for more information.)
 
     :   <dfn>ConstraintError</dfn>
-    ::  Definition here
+    ::  Either {{residentKey}} was set to "{{ResidentKeyRequirement/required}}" and no available authenticator supported resident keys,
+        or {{userVerification}} was set to "{{UserVerificationRequirement/required}}" and no available authenticator could perform [=user verification=].
 
     :   <dfn>InvalidStateError</dfn>
-    ::  Definition here
-
-    :   <dfn>{{NotAllowedError}}</dfn>
-    ::  Definition here
+    ::  The authenticator used in the ceremony recognized an entry in {{excludeCredentials}}
+        after the user [=user consent|consented=] to registering a credential.
 
     :   <dfn>NotSupportedError</dfn>
-    ::  Definition here
+    ::  No entry in {{PublicKeyCredentialCreationOptions/pubKeyCredParams}} had a `type` property of "{{PublicKeyCredentialType/public-key}}",
+        or the [=authenticator=] did not support any of the specified cryptographic parameters in {{PublicKeyCredentialCreationOptions/pubKeyCredParams}}.
 
     :   <dfn>SecurityError</dfn>
-    ::  Definition here
+    ::  The [=effective domain=] was not a [=valid domain=],
+        or {{PublicKeyCredentialCreationOptions/rp}}.{{PublicKeyCredentialRpEntity/id}} was not a registrable domain suffix of nor was equal to the [=effective domain=].
 
     :   <dfn>TypeError</dfn>
-    ::  Definition here
+    ::  The value of {{PublicKeyCredentialCreationOptions/user}}.{{PublicKeyCredentialUserEntity/id}} was not between 1 and 64 bytes (inclusive.)
 
     :   <dfn>UnknownError</dfn>
-    ::  Definition here
+    ::  The [=authenticator=] could not process the supplied options,
+        or encountered an error while creating the new credential object.
+
+    :   <dfn>{{NotAllowedError}}</dfn>
+    ::  A catch-all error covering a wide range of possible reasons,
+        including common ones like the user canceling out of the ceremony.
+        Some of these causes are documented throughout this spec,
+        while others are client-specific.
+
 </dl>
 
 ### Use an Existing Credential to Make an Assertion - PublicKeyCredential's `[[Get]](options)` Method ### {#sctn-getAssertion}