Examples show a DOMString passed to challenge, but it's a BufferSource

[jyasskin]

https://w3c.github.io/webauthn/#sample-registration shows:

var challenge = "Y2xpbWIgYSBtb3VudGFpbg";
var options = { timeoutSeconds: 300,  // 5 minutes
                excludeList: [],      // No excludeList
                extensions: {"webauthn.location": true}  // Include location information
                                               // in attestation
};

// Note: The following call will cause the authenticator to display UI.
webauthnAPI.makeCredential(userAccountInformation, cryptoParams, challenge, options)

But the third parameter to makeCredential() is a BufferSource, which has to be one of the ArrayBuffer-related types. Which did you intend?

I think it'd be possible to use (DOMString or BufferSource), and say that a DOMString is base64-decoded before it's used.

[vijaybh]

It was intended to be an ArrayBuffer, looks like we forgot to update the sample. It could be any ArrayBuffer related type, I don't think we care which one.