-
Notifications
You must be signed in to change notification settings - Fork 10
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Define error handling #130
Comments
From discussion in the call today, we (Android/Chrome) are arguing that these two cases must be indistinguishable (consistent with WebAuthn):
But once a user has said they're willing to share a credential, then in general it's fine to propagate rich error information (but that's all likely at the protocol level). It sounds like this bit isn't controversial? We just need to formalize the details in the spec. Another point from the call today: will front-ends parse some of the protocol response or leave that entirely to their back-end (who have the keys to decrypt the credential presentation)? Perhaps we should provide a mechanism for wallets to be able to trigger a specific |
Hmm, I'm not sure if #156 helps or hurts actually. Is it implicit that all such validation rules must be stateless (not influenced by the contents of the user's wallet)? If not then there's possibly some risk of information leakage based on whether a given request throws a I think addressing this issue is really in the algorithm for getting the credential presentation. Like perhaps we need a step something like "Get explicit user permission for allowing this website to communicate with the selected wallet application now". Before that step all errors must reveal nothing about the user's personal state, while after that step it's up to the wallet what's revealed. Presumably we won't actually specify anything about the credential store, just about how the user agent / OS communicates with a wallet application, right? If so then I think this issue is addressed by a combination of that architecture and a statement saying users must give permission before information is exchanged with the wallet on each and every invocation. |
At TPAC we had a breakout where we tried to dig into this but we didn't. I'm not familiar with the DigitalCredentials errors being exposed right now but I can explains what we are proposing in w3c-fedid/FedCM#498 to see what kind of coordination we would like to have. Filing this issue to perhaps get the interested folks in a call at some point to flesh this out? Note: surfacing new errors / discussions on the privacy implications of doing so is out of scope for this issue, I'm more interested in looking at the current status quo of each spec so that we can confidently merge the relevant FedCM PR. |
From discussion in F2F meeting today, we have a few goals:
Our conclusions were:
DOMException
error names and don't believe it should be necessary to define any new ones.So the work now is probably twofold:
The text was updated successfully, but these errors were encountered: