[webauthn] Clarify WebAuthn spec to allow us to return an error to RP when it makes sense

christiaanbrand has just created a new issue for https://github.com/w3c/webauthn:

== Clarify WebAuthn spec to allow us to return an error to RP when it makes sense ==
I believe that right now, if a list of credentialIDs (with corresponding transports) gets sent to the client, and the client isn't able to satisfy the request (let's say, all the credentialIDs referenced BLE as the only transport, but the platform doesn't support BLE), the client should be allowed to show an informative error to the user, and return an error to the RP. I think right now the spec says the client has to time the request out, but that seems subpar from a UX point of view.

Note that this is similar to the case where an RP is only looking for built-in credentials, and no credentialIDs that match are found on the platform. In this case we already said we're going to show an error to the user, and report an error back to the RP. This is just an extension of that use case.

Please view or discuss this issue at https://github.com/w3c/webauthn/issues/953 using your GitHub account

Received on Friday, 15 June 2018 23:31:10 UTC