-
Notifications
You must be signed in to change notification settings - Fork 210
Description
the Note that PR #1326 inserts into the spec explains the purpose of the UV gesture solicited in the authenticatorMakeCredential()
operation when there are match(es) in the |excludeCredentialDescriptorList|
. Essentially, we're explaining in the (new) Note that: "if the RP gets an invalidStateError
back from a nav.creds.Create() call, they can do something user-helpful with that info".
However, this guidance for the RP is buried in "Note:"s in spec sections that we are not suggesting RP devs read (i.e., in the spec roadmap).
Additionally, our "RP Ops - registering a new cred" section only says "abort the ceremony with a user-visible error" if an error is returned from Create().
Seems like we ought to provide more guidance to the RP reader. Perhaps add this to the "rp operations - registering a new cred" section ?
Are there also similar RP considerations for "RP Ops - verifying an authentication assertion" we ought to add to the latter section?