[Webkit-unassigned] [Bug 258911] New: [WebAuthn] .catch() for conditional mediation is not passed the abortreason that was thrown

bugzilla-daemon at webkit.org bugzilla-daemon at webkit.org
Wed Jul 5 22:21:48 PDT 2023 

https://bugs.webkit.org/show_bug.cgi?id=258911

            Bug ID: 258911
           Summary: [WebAuthn] .catch() for conditional mediation is not
                    passed the abortreason that was thrown
           Product: WebKit
           Version: WebKit Nightly Build
          Hardware: Unspecified
                OS: Unspecified
            Status: NEW
          Severity: Normal
          Priority: P2
         Component: New Bugs
          Assignee: webkit-unassigned at lists.webkit.org
          Reporter: sweeden at au1.ibm.com

Consider I have a WebAuthn conditional mediation call (with appropriate abortController established), with a catch block such as:

navigator.credentials.get(publicKey)
.then((assertion) => {})
.catch((error) => {});

This bug is in relation to the type and value of "error" above, when the call is aborted with something like:
abortController.abort("AbortError");


According to step 3 of section 2.5.1 of the credential management API (see https://w3c.github.io/webappsec-credential-management/#algorithm-request) if the autofill navigator.credentials.get call is aborted, then the promise should be rejected "with options.signal’s abort reason". According to this reference (https://dom.spec.whatwg.org/#abortsignal-abort-reason) abort reason is "a JavaScript value" - though it is not entirely clear what that means.

The way I read it, I would have expected the value of "error" in the catch block to be the string "AbortError" - ie. what is thrown as the reason in the call to abort(), and this is indeed what I see in Chrome.

In Safari, typeof(error) returns "object", so the thing passed to the rejected promise is not the plain string abort reason.

This lack of consistency makes it difficult to write portable code in the catch block of mediated WebAuthn calls. 

I'm opening this defect to seek clarification on whether or not this is seen by the WebKit team as a bug, and if not, what the reasoning is.

-- 
You are receiving this mail because:
You are the assignee for the bug.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.webkit.org/pipermail/webkit-unassigned/attachments/20230706/dd399a8b/attachment.htm>

More information about the webkit-unassigned mailing list