Skip to content

Commit

Permalink
Browse files Browse the repository at this point in the history
Fix inconsistency in RP directions for credential transports
§7.1. Registering a New Credential, step 23 reads "This value SHOULD NOT be
modified", which conflicts with the definition of `getTransports()`: "The values
SHOULD be members of AuthenticatorTransport but Relying Parties MUST ignore
unknown values".
  • Loading branch information
emlun committed Jul 27, 2021
1 parent 33b0215 commit a36e38c
Showing 1 changed file with 5 additions and 2 deletions.
7 changes: 5 additions & 2 deletions index.bs
Expand Up @@ -2399,7 +2399,7 @@ during registration.
:: This operation returns the {{COSEAlgorithmIdentifier}} of the new credential. See [[#sctn-public-key-easy]].

: <dfn>\[[transports]]</dfn>
:: This [=internal slot=] contains a sequence of zero or more unique {{DOMString}}s in lexicographical order. These values are the transports that the [=authenticator=] is believed to support, or an empty sequence if the information is unavailable. The values SHOULD be members of {{AuthenticatorTransport}} but [=[RPS]=] MUST ignore unknown values.
:: This [=internal slot=] contains a sequence of zero or more unique {{DOMString}}s in lexicographical order. These values are the transports that the [=authenticator=] is believed to support, or an empty sequence if the information is unavailable. The values SHOULD be members of {{AuthenticatorTransport}} but [=[RPS]=] SHOULD accept and store unknown values.
</div>

#### Easily accessing credential data #### {#sctn-public-key-easy}
Expand Down Expand Up @@ -4533,10 +4533,13 @@ In order to perform an [=authentication ceremony=], the [=[RP]=] MUST proceed as

If <code>|options|.{{PublicKeyCredentialRequestOptions/allowCredentials}}</code> is present,
the {{PublicKeyCredentialDescriptor/transports}} member of each [=list/item=] SHOULD be set to
the value returned by
the value that was returned by
<code>|credential|.{{PublicKeyCredential/response}}.{{AuthenticatorAttestationResponse/getTransports()}}</code>
when the corresponding credential was registered.

Note: Modifying or removing [=list/items=] from values returned from {{AuthenticatorAttestationResponse/getTransports()}}
could negatively impact user experience, or even prevent use of the corresponding credentials.

1. Call {{CredentialsContainer/get()|navigator.credentials.get()}} and pass |options|
as the <code>{{CredentialRequestOptions/publicKey}}</code> option.
Let |credential| be the result of the successfully resolved promise.
Expand Down

0 comments on commit a36e38c

Please sign in to comment.