Merged
11 changes: 8 additions & 3 deletions index.bs
Expand Up @@ -1762,8 +1762,11 @@ When this operation is invoked, the authenticator must perform the following pro
1. Check if at least one of the specified combinations of {{PublicKeyCredentialType}} and cryptographic parameters in
|credTypesAndPubKeyAlgs| is supported.
If not, return an error code equivalent to "{{NotSupportedError}}" and terminate the operation.
1. Check if a credential matching an [=list/item=] of |excludeCredentialDescriptorList| is present on this authenticator. If
so, return an error code equivalent to "{{NotAllowedError}}" and terminate the operation.
1. Check if any credential bound to this authenticator matches an [=list/item=] of |excludeCredentialDescriptorList|. A match
occurs if a credential matches <code>|rpEntity|.{{PublicKeyCredentialRpEntity/id}}</code> and an |excludeCredentialDescriptorList|
item's <code>|excludeCredentialDescriptorList|.{{PublicKeyCredentialDescriptor/id}}</code> and
<code>|excludeCredentialDescriptorList|.{{PublicKeyCredentialDescriptor/type}}</code>.
If so, return an error code equivalent to "{{NotAllowedError}}" and terminate the operation.
1. If |requireResidentKey| is |true| and the authenticator cannot store a [=Client-side-resident Credential
Private Key=], return an error code equivalent to "{{ConstraintError}}" and terminate the operation.
1. If |requireUserVerification| is |true| and the authenticator cannot perform user verification,
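Review bot: In the new exclude-list step, the match sentence applies `{{PublicKeyCredentialDescriptor/id}}` and `{{PublicKeyCredentialDescriptor/type}}` to |excludeCredentialDescriptorList| itself ("item's |excludeCredentialDescriptorList|.id"), but those members belong to the individual list item, not to the list. Suggest naming the item, for example "for each |descriptor| of |excludeCredentialDescriptorList|", and then referring to |descriptor|.id and |descriptor|.type. The sentence should also state that all three conditions must hold for the same credential, and say how the RP ID comparison is done: the getAssertion steps later in this diff speak of "an exact match of |rpId|", while here the text only says the credential "matches" |rpEntity|.id. Since the RP ID condition is what scopes the exclude check to the calling Relying Party, it is worth wording it as precisely as the id and type conditions.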
Expand Down Expand Up @@ -1829,7 +1832,9 @@ When this method is invoked, the [=authenticator=] must perform the following pr
equivalent to "{{UnknownError}}" and terminate the operation.
1. If |allowCredentialDescriptorList| was not supplied, set it to a list of all credentials stored for |rpId| (as determined by
an exact match of |rpId|).
1. Remove any items from |allowCredentialDescriptorList| that are not present on this [=authenticator=].
1. Remove any items from |allowCredentialDescriptorList| that do not match a credential bound to this authenticator. A match
occurs if a credential matches <code>|rpId|</code> and an |allowCredentialDescriptorList| item's <code>|allowCredentialDescriptorList|
{{PublicKeyCredentialDescriptor/id}}</code> and <code>|allowCredentialDescriptorList|{{PublicKeyCredentialDescriptor/type}}</code>.
1. If |allowCredentialDescriptorList| is now empty, return an error code equivalent to "{{NotAllowedError}}" and terminate the
operation.
1. Prompt the user to select a [=public key credential|credential=] |selectedCredential| from |allowCredentialDescriptorList|.
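Review bot: In the rewritten "Remove any items" step, the two descriptor references are missing the "." between the variable and the member ("|allowCredentialDescriptorList| {{PublicKeyCredentialDescriptor/id}}" and "|allowCredentialDescriptorList|{{PublicKeyCredentialDescriptor/type}}"), which is inconsistent with the makeCredential step in the first hunk and will not render as a member access. As in that step, the members are applied to the list rather than to the item being tested, so a named item variable would read more clearly. The replacement also drops the [=authenticator=] link that the removed line had ("this [=authenticator=]" became "this authenticator"); suggest restoring it so the term stays linked like the rest of this algorithm. Finally, the preceding step already says "an exact match of |rpId|"; reusing that wording here instead of "matches |rpId|" would keep the RP scoping unambiguous.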