-
-
Notifications
You must be signed in to change notification settings - Fork 128
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Better error type identification in the browser #357
Comments
Hmm, it's true that This proposal could be interpreted as a request to introduce SimpleWebAuthn-specific error codes. Is that the direction you're thinking this would go? |
Thanks for the follow up. Yes, exactly--I was thinking these would be lib-specific error codes. Right now, I'm parsing the message in order to do some differentiation, but that will likely be brittle long-term. |
I was poking around https://developer.mozilla.org/en-US/docs/Web/JavaScript/Reference/Global_Objects/Error/cause Perhaps I can use this here 🤔 |
That seems workable. I also tested Opera (listed as not supporting |
So far what I'm thinking of doing is creating a custom error (when I don't pass through the WebAuthn error), and including the original error as
I'm between 1 and 2 right now, maybe preferring 2 because if any error messages are similar between the two then I can reuse error codes. |
I like 2 as well. The context is implied, which makes handling errors from either function similar. |
@mhamann I'm working on #367 to finally address this. What do you think about the following error codes?
Now's the time to make suggestions if any of these seem off for whatever reason. |
This looks fantastic. I can't think of anything missing, and those seem nicely descriptive of what caused the error. |
@mhamann I just published @simplewebauthn/browser@7.2.0 that should resolve this issue 🚀 |
Thanks very much! We'll upgrade ASAP! |
Describe the issue
When catching errors thrown by the browser API, it's desirable to identify what type of error occurred so that the user experience can be altered accordingly.
For example, did the user cancel the authentication? Was the browser unable to fulfill the request for some reason? Based on the error thrown, the user could be prompted to try again, or in some cases (e.g., browser autofill init), just ignore the error altogether.
This would also help cases where autofill and explicit
startAuthentication()
requests are used in parallel: one to help a user leverage an existing passkey even if they're not familiar with the terminology and another for users who know what they want immediately. The autofill request might be intentionally cancelled due to a more explicit request being initiated.Currently, the library throws generic
Error
s, but it would be useful to customize those errors and set some sort ofcode
property that can be programmatically relied upon to not change, even though english string messaging might. (e.g.,code: E_CANCELLED
orcode: E_NO_INPUTS
)I am happy to PR changes in this regard if its agreed that this would be a helpful addition.
SimpleWebAuthn Libraries
$ npm list --depth=0 | grep @simplewebauthn ├── @simplewebauthn/browser@7.0.1 ├── @simplewebauthn/typescript-types@7.0.0
The text was updated successfully, but these errors were encountered: