Comments (3)
Extension results could contain responses to extensions specified in attestation or assertion options that the RP is interested in. Getting the results to the RP is the responsibility of @simplewebauthn/browser; what the RP does with the values afterwards is beyond scope.
PublicKeyCredential
, which AttestationCredential
and AssertionCredential
are sub-interfaces of, has a method getClientExtensionResults()
defined on it in TypeScript's DOM lib, which is typed to always return something, even if it's an empty object. I want to define as much as I can in the context of the DOM lib, so I don't think it's appropriate to layer on additional logic of when to include these extension results - if TypeScript says something will always be returned (as it should given the definition of the method in the spec: https://w3c.github.io/webauthn/#iface-pkcredential) then I'm choosing to follow that.
Is specifying an empty object for clientExtensionResults
not feasible in your situation? That should be sufficient to get past any typing issues that come up as a result of this.
from simplewebauthn.
What I meant is that similarly to transports there are just optional values that may be used by the relying party. What I'm doing now is passing an empty object manually to the verify function which looks pretty useless code ^^
from simplewebauthn.
I keep going back and forth on this one. I think right now I'm going to leave things as-is because to make results optional would technically involve a breaking API change for implementations that rely on that value being populated.
I'm closing this ticket for now, but I'll revisit this decision in the future when next I have a more substantial release that will make breaking chances.
from simplewebauthn.
Related Issues (20)
- Type error HOT 4
- 8.3.4 fails to build for edge deployment HOT 3
- Wallix webauthn lib HOT 2
- Bun runtime TypeError HOT 1
- Example is broken with "User verification required, but user could not be verified" HOT 2
- Custom challenge not correctly decoded in expectedChallenge HOT 8
- Invalid passkey when authenticating from native iOS passkey data HOT 2
- No support for Bitwarden extension as an authenticator HOT 2
- Getting the error "Cannot get schema for 'ECDSASigValue2' target" when calling verifyAuthenticationResponse HOT 3
- largeBlob support? HOT 1
- Support other mediation options HOT 2
- Erroring during verifying of passkey HOT 13
- VerifiedRegistrationResponse type missing transports attribute HOT 3
- failed test in packages/server HOT 4
- generateRegistrationOptions's `excludeCredentials` is returning empty string for each id HOT 1
- extractStrings is not a function HOT 3
- `pubKeyCredParams` field not properly functioning w/ non ES256 Algos on register HOT 2
- Unable to Register a Passkey Using a PIN Code HOT 2
- RFC: Rename @simplewebauthn/typescript-types to something shorter HOT 3
- Treat all custom string challenges as UTF-8 strings
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from simplewebauthn.