Skip to content

RP guidance for invalidStateError returned from [[Create]]() #1331

@equalsJeffH

Description

@equalsJeffH

the Note that PR #1326 inserts into the spec explains the purpose of the UV gesture solicited in the authenticatorMakeCredential() operation when there are match(es) in the |excludeCredentialDescriptorList|. Essentially, we're explaining in the (new) Note that: "if the RP gets an invalidStateError back from a nav.creds.Create() call, they can do something user-helpful with that info".

However, this guidance for the RP is buried in "Note:"s in spec sections that we are not suggesting RP devs read (i.e., in the spec roadmap).

Additionally, our "RP Ops - registering a new cred" section only says "abort the ceremony with a user-visible error" if an error is returned from Create().

Seems like we ought to provide more guidance to the RP reader. Perhaps add this to the "rp operations - registering a new cred" section ?

Are there also similar RP considerations for "RP Ops - verifying an authentication assertion" we ought to add to the latter section?

Metadata

Metadata

Assignees

Type

No type

Projects

No projects

Relationships

None yet

Development

No branches or pull requests

Issue actions