search

w3c / webauthn

Web Authentication: An API for accessing Public Key Credentials
https://w3c.github.io/webauthn/
Other
1.19k stars 172 forks source link

Make PublicKeyCredentialRequestOptions.rpId a DOMString #2066

Closed zacknewman closed 3 months ago

zacknewman commented 6 months ago

Both PublicKeyCredentialRpEntity.id and PublicKeyCredentialRequestOptions.rpId represent the same thing (i.e., RP ID); however the former is modeled as a DOMString while the latter is modeled as a USVString. These should be the same type. Specifically PublicKeyCredentialRequestOptions.rpId should be a DOMString as well or PublicKeyCredentialRpEntity.id should be a USVString. Should be noted that PublicKeyCredentialRequestOptionsJSON.rpId is already a DOMString.

emlun commented 6 months ago

Thanks for pointing this out!

2024-05-15 WG call: Agreed we should change PublicKeyCredentialRpEntity.id to USVString. Strictly speaking this is a breaking change (changing a type bound in input (contravariant) position to be more restrictive), but in practice this shouldn't be able to break any applications since then those credentials wouldn't have worked in get() anyway.

@jschanck Seeing as Firefox is the browser that makes the most actual use of WebIDL - would changing PublicKeyCredentialRpEntity.id to USVString be a problem for Firefox?

jschanck commented 6 months ago

No, that wouldn't be a problem.

zacknewman commented 6 months ago

PublicKeyCredentialRequestOptionsJSON.rpId should also be changed to a USVString too.