From 5f4791806a2c9514dbf3260322bc4f3c89271689 Mon Sep 17 00:00:00 2001 From: Amos Lim Date: Tue, 19 Sep 2023 00:17:46 +0900 Subject: [PATCH] Specify what an unknown type credential descriptor being ignored means The spec describes that client platforms MUST ignore any PublicKeyCredentialDescriptor with an unknown type. However, there is no further specification about the case when this results in an empty allowCredentials. It must not be treated as an empty list. The client MUST return an error if none of the listed credentials can be used in allowCredentials. For instance, if all of the listed credentials have PublicKeyCredentialDescriptor with an unknown type, the client MUST throw NotAllowedError. Fixes #1748 --- index.bs | 2 ++ 1 file changed, 2 insertions(+) diff --git a/index.bs b/index.bs index 71becc495..bc43dc72e 100644 --- a/index.bs +++ b/index.bs @@ -3529,6 +3529,8 @@ an assertion. Its {{PublicKeyCredentialRequestOptions/challenge}} member MUST be of [[#sctn-op-get-assertion]]). If not [=list/empty=], the client MUST return an error if none of the listed credentials can be used. + For instance, if all of the listed credentials have {{PublicKeyCredentialDescriptor}} with an unknown {{PublicKeyCredentialDescriptor/type}}, + the client MUST throw "{{NotAllowedError}}". The list is ordered in descending order of preference: the first item in the list is the most preferred credential, and the last is the least preferred.
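Review bot: In the index.bs hunk at -3529, the added "For instance" sentence carries its own normative MUST and is the only place the error name appears, so a requirement is being introduced inside an example. The preceding sentence says only "the client MUST return an error", so I would name "{{NotAllowedError}}" there and phrase the unknown-type case as an illustration without a second MUST. The commit message also says that a list left with no usable entries "must not be treated as an empty list", but the added text never states this. A client that drops unknown-type descriptors before evaluating "If not [=list/empty=]" could still end up on the empty-list path, so please state explicitly that emptiness is judged on the list as supplied by the Relying Party. A smaller wording point: the list items are themselves descriptors, so "if every listed {{PublicKeyCredentialDescriptor}} has an unknown {{PublicKeyCredentialDescriptor/type}}" reads more accurately than "the listed credentials have {{PublicKeyCredentialDescriptor}} with an unknown type".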