<html>
    <head>
      <base href="https://bugs.webkit.org/">
    </head>
    <body><table border="1" cellspacing="0" cellpadding="8">
        <tr>
          <th>Bug ID</th>
          <td><a class="bz_bug_link 
          bz_status_NEW "
   title="NEW - [webauthn] Enums should be DOMStrings"
   href="https://bugs.webkit.org/show_bug.cgi?id=241517">241517</a>
          </td>
        </tr>

        <tr>
          <th>Summary</th>
          <td>[webauthn] Enums should be DOMStrings
          </td>
        </tr>

        <tr>
          <th>Product</th>
          <td>WebKit
          </td>
        </tr>

        <tr>
          <th>Version</th>
          <td>WebKit Nightly Build
          </td>
        </tr>

        <tr>
          <th>Hardware</th>
          <td>Unspecified
          </td>
        </tr>

        <tr>
          <th>OS</th>
          <td>Unspecified
          </td>
        </tr>

        <tr>
          <th>Status</th>
          <td>NEW
          </td>
        </tr>

        <tr>
          <th>Severity</th>
          <td>Normal
          </td>
        </tr>

        <tr>
          <th>Priority</th>
          <td>P2
          </td>
        </tr>

        <tr>
          <th>Component</th>
          <td>WebKit Misc.
          </td>
        </tr>

        <tr>
          <th>Assignee</th>
          <td>webkit-unassigned@lists.webkit.org
          </td>
        </tr>

        <tr>
          <th>Reporter</th>
          <td>nsatragno@gmail.com
          </td>
        </tr></table>
      <p>
        <div>
        <pre>WebAuthn enums should be DOMStrings instead, see the discussion on the spec [1]. If a value is not valid, it should be treated as not present (which usually means it should be converted into the default). This applies to AuthenticatorAttachment, ResidentKeyRequirement, UserVerificationRequirement, and AttestationConveyancePreference.

The spec does not prescribe this, but it might be worth issuing a warning if an unknown value is detected to aid debugging.

Example code:

navigator.credentials.create({
    publicKey: {
        challenge: new Uint8Array(),
        authenticatorSelection: {
            authenticatorAttachment: "not a valid member",
        },
        rp: { name: "rp" },
        user: { displayName: "display", name: "user", id: new Uint8Array() },
        pubKeyCredParams: [],
    }
})

This throws TypeError but it should instead be equivalent to having an empty authenticatorAttachment, and maybe issue a warning instead.

[1] <a href="https://github.com/w3c/webauthn/issues/1738">https://github.com/w3c/webauthn/issues/1738</a></pre>
        </div>
      </p>


      <hr>
      <span>You are receiving this mail because:</span>

      <ul>
          <li>You are the assignee for the bug.</li>
      </ul>
    </body>
</html>