Comments (3)
emlun
commented on July 28, 2024
1
I'll keep #2082 open because layout consistency is good for readability even when not formally required.
Is there any recommendation at all on the order of fields?
For how RPs should order fields in JavaScript representations of the options objects: no, order should not matter at all.
The low-level CTAP protocol does care about serialization order, but that's a different protocol which is not exposed to web applications and is not defined in WebIDL.
from webauthn.
emlun
commented on July 28, 2024
I think this order only applies to the internal dictionary representation that determines things like iteration order. I don't think it's meant to be enforced for parsing values in language bindings. I'll have to review the WebIDL spec some more before I'm sure, but I don't think there's any issue with the spec examples.
from webauthn.
zacknewman
commented on July 28, 2024
Honestly I know next to nothing about Web IDL. I only started looking at it since you mentioned it in #2082. If the order does not matter, then presumably #2082 should be closed? Is there any recommendation at all on the order of fields? Lexicographic order like Web IDL? Source definition order? In the RP library I am writing, I initially adhered to the source definition order when serializing data, but I then switched to the order mentioned in Web IDL. I realize it likely does not matter what order I use, but I'd rather use the "safest" order if there is one.
from webauthn.
Related Issues (20)
- Does WebAuthn supports User-Verifying Roaming Authenticators HOT 4
- How does First-factor roaming authenticator registration happens with RP (involving client) HOT 2
- CredentialCreationOptions/mediation not yet defined in CredMan HOT 1
- Authenticator Attestation Response's [[transports]] should be an attribute rather than an internal slot. HOT 4
- Align the order of fields in PublicKeyCredentialDescriptorJSON with PublicKeyCredentialDescriptor HOT 2
- Allow conditional mediation flow without username or password field, I.E. from button press HOT 4
- Add support for hinting at verbiage other than "sign in" during authentication HOT 5
- Add support for IDNs and display domain names in Unicode for a more user friendly UX HOT 4
- Add examples for PRF extension HOT 3
- Passkey - Disable authentication with another device HOT 3
- Proposal for password-only authentication using ES256 HOT 10
- [[Create]] should not access the global object directly HOT 1
- Define `TypeError` behavior during `.get()` HOT 2
- Return more nuanced errors HOT 3
- Does Related Origins introduce a need for "Related RP IDs" support in `.get()`? HOT 1
- UTF-8 decode should not be required for response.clientDataJSON and cData HOT 2
- CollectedClientData fields are not ordered correctly and crossOrigin should be required
- Add `topOrigin` to the limited verification algorithm HOT 2
- Use URI instead of URL for related origins HOT 2
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from webauthn.