Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

add requireResidentKey param to the invocation step of authenticatorMakeCredential #502

Merged
merged 19 commits into from
Jul 29, 2017
Merged

add requireResidentKey param to the invocation step of authenticatorMakeCredential #502

merged 19 commits into from
Jul 29, 2017

Conversation

AngeloKai
Copy link
Contributor

@AngeloKai AngeloKai commented Jun 23, 2017
edited by pr-preview bot
Loading

fixes #485

Preview | Diff

@AngeloKai AngeloKai added this to the WD-06 milestone Jun 23, 2017
@AngeloKai AngeloKai self-assigned this Jun 26, 2017
equalsJeffH
equalsJeffH reviewed Jun 27, 2017
View reviewed changes
Copy link
Contributor

@equalsJeffH equalsJeffH left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

overall this is a simple change and this PR addresses it.

Although, detail-wise, I suggest we have the argument lists for authenticator operations denoted in the #createCredential and #getAssertion algs match the lists, including ordering, as denoted in the Authenticator Operations.

Presently, in (5.2.1. The authenticatorMakeCredential operation)[https://w3c.github.io/webauthn/#op-make-cred], "The requireResidentKey parameter..." is listed last in the params list. I'd place it after the list of PublicKeyCredentialDescriptor objects, and before the "Extension data", and then have the param list here in in {#createCredential} step 24.3 match ordering-wise.

index.bs Outdated
@@ -28,7 +28,7 @@ Text Macro: RP Relying Party
Text Macro: RPS Relying Parties
Text Macro: INFORMATIVE <em>This section is not normative.</em>
Text Macro: WAC WebAuthn Client
Ignored Vars: op, alg, type, algorithm
Ignored Vars: op, alg, type, algorithm, authenticatorSelection
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

why add authenticatorSelection here?

@nadalin nadalin modified the milestones: CR, WD-06 Jun 28, 2017
jyasskin
jyasskin reviewed Jun 28, 2017
View reviewed changes
index.bs Outdated
@@ -649,6 +649,7 @@ When this method is invoked, the user agent MUST execute the following algorithm
1. Otherwise, [=list/Append=] |C| to |excludeCredentialDescriptorList|.
1. [=In parallel=], invoke the [=authenticatorMakeCredential=] operation on |authenticator| with |rpId|,
|clientDataHash|, |options|.{{MakeCredentialOptions/rp}}, |options|.{{MakeCredentialOptions/user}},
<code>|options|.|authenticatorSelection|.{{AuthenticatorSelectionCriteria/requireResidentKey}}</code>,
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I think you can replace |authenticatorSelection| with {{MakeCredentialOptions/authenticatorSelection}} in order to remove it from Ignored Vars, but IM me if that gives you bikeshed errors.

@nadalin nadalin modified the milestones: WD-06, CR Jul 26, 2017
@equalsJeffH equalsJeffH mentioned this pull request Jul 28, 2017
Merged
equalsJeffH
equalsJeffH reviewed Jul 28, 2017
View reviewed changes
index.bs
1. If <code>|C|.{{transports}}</code> [=list/is not empty=], and |authenticator| is connected over a transport not
mentioned in <code>|C|.{{transports}}</code>, the client MAY [=continue=].
1. Otherwise, [=list/Append=] |C| to |excludeCredentialDescriptorList|.
1. [=In parallel=], invoke the [=authenticatorMakeCredential=] operation on |authenticator| with |rpId|,
|clientDataHash|, |options|.{{MakeCredentialOptions/rp}}, |options|.{{MakeCredentialOptions/user}},
|clientDataHash|, |options|.{{MakePublicKeyCredentialOptions/rp}}, |options|.{{MakePublicKeyCredentialOptions/user}},
<code>|options|.{{MakePublicKeyCredentialOptions/authenticatorSelection}}.{{AuthenticatorSelectionCriteria/requireResidentKey}}</code>,
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

the param ordering here does not match the ordering down in Line 1556 thru 1559. I suggest they match ordering-wise. thx.

@equalsJeffH
Copy link
Contributor

Modulo my line-level comment above, this looks ok I think (am sorta rushed right now and the conflict-fixing added in a bunch of noise into the diff...)

@selfissued selfissued merged commit ef83674 into w3c:master Jul 29, 2017
@selfissued
Copy link
Contributor

Jeff. maybe I'm tired, but I couldn't figure out the ordering mismatch. Can you submit a PR fixing this and I'll quickly review it and approve it? Thanks.

WebAuthnBot pushed a commit that referenced this pull request Jul 29, 2017
Built by Travis-CI: ef83674 add requireResidentKey param to the invoc…
dd4b51e 
…ation step of authenticatorMakeCredential (#502)
@equalsJeffH equalsJeffH mentioned this pull request Aug 8, 2017
Closed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@jyasskin jyasskin jyasskin left review comments

@equalsJeffH equalsJeffH equalsJeffH left review comments

@selfissued selfissued Awaiting requested review from selfissued

Assignees

@AngeloKai AngeloKai

Labels
None yet
Projects
None yet
Milestone
WD-06
Development

Successfully merging this pull request may close these issues.

requireResidentKey param missing from invocation of authenticatorMakeCredential
9 participants
@AngeloKai @equalsJeffH @selfissued @jyasskin @nadalin @rlin1 @jcjones @samuelweiler @ynojima