[Webkit-unassigned] [Bug 274217] New: navigator.credentials.create return Type error when authenticatorAttachment is null

Wed May 15 09:43:51 PDT 2024

https://bugs.webkit.org/show_bug.cgi?id=274217

            Bug ID: 274217
           Summary: navigator.credentials.create return Type error when
                    authenticatorAttachment is null
           Product: WebKit
           Version: WebKit Nightly Build
          Hardware: Unspecified
                OS: Unspecified
            Status: NEW
          Severity: Normal
          Priority: P2
         Component: WebKit Misc.
          Assignee: webkit-unassigned at lists.webkit.org
          Reporter: chunli at stripe.com

We found that we couldn't add a passkey in Safari due to a weird "Type error" from navigator.credentials.create, while other browsers like Chrome, Firefox, and Edge continued to work without any issues. The root cause was that our backend didn't return the authenticatorAttachment to the frontend, and the frontend passed authenticatorAttachment = null to navigator.credentials.create. We fixed the issue by removing it when the value was null, but according to the WebAuthn spec(https://www.w3.org/TR/webauthn-2/#dom-authenticatorselectioncriteria-authenticatorattachment), Safari should ignore the unknown value.

>From the spec:
authenticatorAttachment, of type DOMString
If this member is present, eligible authenticators are filtered to only authenticators attached with the specified § 5.4.5 Authenticator Attachment Enumeration (enum AuthenticatorAttachment). The value SHOULD be a member of AuthenticatorAttachment but client platforms MUST ignore unknown values, treating an unknown value as if the member does not exist.

-- 
You are receiving this mail because:
You are the assignee for the bug.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.webkit.org/pipermail/webkit-unassigned/attachments/20240515/8b63a679/attachment.htm>