Comments (6)
https://www.w3.org/TR/webauthn-3/#dictionary-makecredentialoptions
"""
user, of type PublicKeyCredentialUserEntity
This member contains names and an identifier for the [user account](https://www.w3.org/TR/webauthn-3/#user-account) performing the [registration](https://www.w3.org/TR/webauthn-3/#registration).
Its value’s [name](https://www.w3.org/TR/webauthn-3/#dom-publickeycredentialentity-name), [displayName](https://www.w3.org/TR/webauthn-3/#dom-publickeycredentialuserentity-displayname) and [id](https://www.w3.org/TR/webauthn-3/#dom-publickeycredentialuserentity-id) members are REQUIRED.
"""
When used in a make credential, name and displayName are required per the above.
Webauthn in general is a poorly written and confusing specification.
from webauthn-rs.
Accidentally close, sorry.
from webauthn-rs.
I think per the spec we must enforce the name is set.
from webauthn-rs.
I'm with you that they should be set according to spec. Yet any string, even an empty string, SHOULD be a possible value.
from webauthn-rs.
The spec also used to let you strip and disregard UV in a lot of cases until the spec was updated to "strongly advise" people to check that. It wouldn't be the first time we've been stricter then the spec, and then the spec updates to reflect what this library does. So I'd rather be strict here, inspite of the spec. A string must have a non-empty value.
from webauthn-rs.
Fine. I'll keep a change around then. Too many UIs behave wildly different depending on the set name/display name properties and for our use case we have 0 identifiers of a user to put into these fields and don't want to add friction with an additional step.
from webauthn-rs.
Related Issues (20)
- Enforcing Timeouts in webauthn-rs HOT 1
- Epic: 5.0 release
- Application stops without any error message in build phase when running in docker container HOT 12
- Start the flow without creating unique_user_id? HOT 1
- Actix tutorial fails to finish registration in Safari HOT 3
- Google Titan Security Key USB-C/NFC fails some compatibility tests HOT 9
- Add EdDSA capabilities HOT 13
- Verifying CredentialID has not been previously registered and updating credential HOT 38
- Conditional compilation of webauthn_rs_core::attestation::verify_attestation_ca_chain HOT 5
- No getTransports when attesting a security key HOT 3
- [Discussion] What order should COSEAlgorithms be in secure_algs and all_possible_algs?
- Fixup clippy 1.75 lints (get_first)
- CredProps::rk should be public HOT 1
- `libssl.so.1.1` no such file or directory HOT 1
- Pure Rust cryptography backend HOT 5
- Build breaks on MSRV due to transitive dependency on bumpalo which exceeds our MSRV
- Missing enum variant of `AuthenticatorTransport` causes error on android HOT 2
- `danger_set_user_presence_only_security_keys()` seems not to be working HOT 2
- Dependency on old compact_jwt revision HOT 1
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from webauthn-rs.