JayHelton
commented
3 years ago This is a great idea and a good step forward for developer experience!
Closed MasterKale closed 3 years ago
JayHelton
commented
3 years ago This is a great idea and a good step forward for developer experience!
MaKleSoft
commented
3 years ago Seconded! 👍 The terms "attestation" and "assertion" did throw me off a bit in the beginning, and although it's not a huge deal since the ergonomics of the library are so great overall, it's still a step in the right direction I think.
JayHelton
commented
3 years ago Ill start tackling this! 🚀
MasterKale
commented
3 years ago Don't mind my removing the milestone from this issue. I'm still learning about milestones and it's making more sense to me that PR's get tagged with milestones, while Issues get linked to milestones by the PR that addresses.
Suffice to say this renaming effort is still slated for v4.0.0 :v:
JayHelton
commented
3 years ago @MasterKale what are your thoughts on the renaming of this type? https://github.com/MasterKale/SimpleWebAuthn/blob/master/packages/server/src/assertion/verifyAssertionResponse.ts#L203
I keep going back and forth on whether to rename it.
MasterKale
commented
3 years ago @MasterKale what are your thoughts on the renaming of this type? https://github.com/MasterKale/SimpleWebAuthn/blob/master/packages/server/src/assertion/verifyAssertionResponse.ts#L203
I keep going back and forth on whether to rename it.
The phrase "Verified Authentication" doesn't feel too foreign to me, so I think it'd be okay to rename that. Or maybe go all out and rename it to VerifiedAuthenticationResponse...
verifyAuthenticationResponse() returns a verified authentication response"verifyAuthenticationResponse() returns a verified authentication"I think VerifiedAuthenticationResponse is the way to go. That'd mean a VerifiedRegistrationResponse renaming for its counterpart, which sounds fine to me too.
MasterKale
commented
3 years ago This issue has been resolved in v4.0.0! A huge thank you to @JayHelton for your help in making this rename happen! 🙇
I've come a long way in my understanding of WebAuthn since initially launching SimpleWebAuthn. As an active participant in the WebAuthn working groups I also find myself in a position to influence how others think about WebAuthn, and in what terminology they use when speaking about use of its capabilities.
In an effort to unify on terminology that the working group strives to have others use, I've decided to rename methods and types in an effort to make it simpler to understand what's used when.
APIs - @simplewebauthn/server
Registration
Methods involving the registration of authenticators for a particular user are currently under the "attestation" umbrella. As I've come to learn attestation is a property of certain kinds of registration responses (ones containing attestation statements, for example). As such, I aim to perform the following rename of these methods (and implicitly any related types):
generateAttestationOptions()->generateRegistrationOptions()verifyAttestationResponse()->verifyRegistrationResponse()Authentication
"Assertions" come out of authentication ceremonies. I think it's simpler (heh) to map "authentication" as something a user does when they want to log in, versus trying to remember that "assertion" which sounds like "attestation" is for logging a user in. As such, I plan on performing the following renaming as well (along with any related types):
generateAssertionOptions()->generateAuthenticationOptions()verifyAssertionResponse()->verifyAuthenticationResponse()APIs - @simplewebauthn/browser
There are fewer methods exported out of browser so I'll just list all the renames here:
startAttestation()->startRegistration()startAssertion()->startAuthentication()Types
Types exported from server and typescript-types will need to be renamed as well for consistency's sake.