New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Add clearer recommendation on what to do with transport hints #1369
Conversation
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
LGTM, thx @emlun! wrt where else to note this, perhaps add a Note to the description of the transports
member of the PublicKeyCredentialDescriptor
, mentioning that RPs ought to "store" and "retrieve" the hints and linking to the RP operations sections?
…scriptor description
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
LGTM, thx :) one v. minor comment.
You might want to consider adding a note that not all RPs will have to deal with this - only those who choose to create their own FIDO2 Servers. Third-party commercial and open-source FIDO2 Servers are more than likely capable of handling the transport hints, thus allowing RPs to focus on their business application rather than protocol semantics. |
Thanks, but I don't think such a distinction is necessary to have in the spec. The party making the JavaScript calls is the one that will need to call |
…368-transports-instructions
…368-transports-instructions
Fixes #1368.
With this we have
get()
getTransports()
in thePublicKeyCredentialDescriptor.transports
descriptiongetTransports()
in theAuthenticatorTransport
descriptionShould we add hooks anywhere else too?
Preview | Diff