Specify what an unknown type credential descriptor being ignored means
The spec describes that client platforms MUST ignore any
PublicKeyCredentialDescriptor with an unknown type. However, there is no
further specification about the case when this results in an empty
allowCredentials. It must not be treated as an empty list.

The client MUST return an error if none of the listed credentials can be used
in allowCredentials. For instance, if all of the listed credentials have
PublicKeyCredentialDescriptor with an unknown type, the client MUST throw
NotAllowedError.

Fixes #1748
amoseui committed Sep 18, 2023
1 parent 58d60d0 commit 5f47918
Showing 1 changed file with 2 additions and 0 deletions.
2 changes: 2 additions & 0 deletions index.bs
Expand Up @@ -3529,6 +3529,8 @@ an assertion. Its {{PublicKeyCredentialRequestOptions/challenge}} member MUST be
of [[#sctn-op-get-assertion]]).

If not [=list/empty=], the client MUST return an error if none of the listed credentials can be used.
For instance, if all of the listed credentials have {{PublicKeyCredentialDescriptor}} with an unknown {{PublicKeyCredentialDescriptor/type}},
the client MUST throw "{{NotAllowedError}}".

The list is ordered in descending order of preference: the first item in the list is the most
preferred credential, and the last is the least preferred.
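
Review bot: The "MUST throw NotAllowedError" requirement sits inside the "For instance" sentence, so the only error name this paragraph gives is stated as an example rather than as a rule, and the preceding "MUST return an error" leaves the error unspecified for any other reason a listed credential cannot be used. Suggest phrasing it as a rule: if the list is not empty and no descriptor remains after ignoring those with an unknown type, the client throws NotAllowedError. The commit message also says the resulting list must not be treated as an empty list, but the added text never states that. Because the paragraph already distinguishes the empty case ("If not [=list/empty=]"), that sentence belongs in the spec text itself. With only two lines changed in index.bs, the processing steps that consume allowCredentials are not updated to match this paragraph.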