[Webkit-unassigned] [Bug 232977] _WKWebAuthenticationPanel should expose a way to encode CTAP commands

bugzilla-daemon at webkit.org bugzilla-daemon at webkit.org
Fri Nov 12 09:03:22 PST 2021


--- Comment #9 from Garrett Davidson <garrett_davidson at apple.com> ---
> Any reason we can't do this?

Sorry I thought I replied inline on the old patch but I'm not sure what happened to it.

Part of the WebAuthn API contract is that the caller needs the original clientDataJSON back, which is used during signature verification, so the full value needs to be exposed anywhere a command is encoded. That said, _WKWebAuthenticationPanel could definitely start using AuthenticatorCoordinator::produceClientDataJson internally instead of having its own copy, and/or the other methods on _WKWebAuthenticationPanel could accept a full clientDataJSON as well. I think those would both be independent of this change though.

You are receiving this mail because:
You are the assignee for the bug.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.webkit.org/pipermail/webkit-unassigned/attachments/20211112/f9043d91/attachment.htm>

More information about the webkit-unassigned mailing list