You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
the Note that PR #1326 inserts into the spec explains the purpose of the UV gesture solicited in the authenticatorMakeCredential() operation when there are match(es) in the |excludeCredentialDescriptorList|. Essentially, we're explaining in the (new) Note that: "if the RP gets an invalidStateError back from a nav.creds.Create() call, they can do something user-helpful with that info".
However, this guidance for the RP is buried in "Note:"s in spec sections that we are not suggesting RP devs read (i.e., in the spec roadmap).
Additionally, our "RP Ops - registering a new cred" section only says "abort the ceremony with a user-visible error" if an error is returned from Create().
the Note that PR #1326 inserts into the spec explains the purpose of the UV gesture solicited in the
authenticatorMakeCredential()
operation when there are match(es) in the|excludeCredentialDescriptorList|
. Essentially, we're explaining in the (new) Note that: "if the RP gets aninvalidStateError
back from a nav.creds.Create() call, they can do something user-helpful with that info".However, this guidance for the RP is buried in "Note:"s in spec sections that we are not suggesting RP devs read (i.e., in the spec roadmap).
Additionally, our "RP Ops - registering a new cred" section only says "abort the ceremony with a user-visible error" if an error is returned from Create().
Seems like we ought to provide more guidance to the RP reader. Perhaps add this to the "rp operations - registering a new cred" section ?
Are there also similar RP considerations for "RP Ops - verifying an authentication assertion" we ought to add to the latter section?
The text was updated successfully, but these errors were encountered: