[Webkit-unassigned] [Bug 275765] New: PublicKeyCredential.getClientCapabilities inconsistent with spec

Fri Jun 21 18:08:41 PDT 2024

https://bugs.webkit.org/show_bug.cgi?id=275765

            Bug ID: 275765
           Summary: PublicKeyCredential.getClientCapabilities inconsistent
                    with spec
           Product: WebKit
           Version: Safari 17
          Hardware: Unspecified
                OS: macOS 14
            Status: NEW
          Severity: Normal
          Priority: P2
         Component: WebKit API
          Assignee: webkit-unassigned at lists.webkit.org
          Reporter: eric at ericstern.com

W3C WebAuthn draft spec: https://w3c.github.io/webauthn/#enum-clientCapability

Actual value from calling the API in Safari (all versions I've tested that have it, up to and including Safari 18 in iOS Dev Beta 1):

{"hybridTransport": true, "conditionalCreate": true, "conditionalMediation": true, "passkeyPlatformAuthenticator": true, "userVerifyingPlatformAuthenticator": true}

Note that the spec uses `conditionalGet`, not `conditionalMediation`.

I recognize this is a bit of a fuzzy area as part of the draft spec, but this seems to be an area of recent change with the automatic passkey registration APIs for conditional create. 

In my observation, WebKit is the only browser engine that supports the API at all, so I'm not sure whether the spec or the engine should change here, or something else. If I had to pick one, I'd prefer `conditionalGet` since it's more consistent with the `navigator.credentials` APIs.

-- 
You are receiving this mail because:
You are the assignee for the bug.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.webkit.org/pipermail/webkit-unassigned/attachments/20240622/c7104b31/attachment.htm>