-
Notifications
You must be signed in to change notification settings - Fork 180
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Add new error codes #2095
Open
MasterKale
wants to merge
16
commits into
main
Choose a base branch
from
2062-new-error-codes
base: main
Could not load branches
Branch not found: {{ refName }}
Loading
Could not load tags
Nothing to show
Loading
Are you sure you want to change the base?
Some commits from the old base branch may be removed from the timeline,
and old review comments may become outdated.
Open
Add new error codes #2095
Changes from all commits
Commits
Show all changes
16 commits
Select commit
Hold shift + click to select a range
7d5d141
Add UserCancelledError
MasterKale d055e4c
Add HybridPrerequisitesError
MasterKale aee5232
Add TimeoutError
MasterKale 7c45c45
Add UserHybridCancelledError
MasterKale 35d7b3a
Replace "cancelled" with "cancellation"
MasterKale 4dcbd9b
Add UserVerificationError
MasterKale 0906982
Remove user cancellation from NotAllowedError
MasterKale 6bd9757
Move where TimeoutError is raised
MasterKale c4140c7
Define new error interfaces
MasterKale 4986178
Update error references to use new interfaces
MasterKale 00baf08
Merge branch '1859-differentiate-errors' into 2062-new-error-codes
MasterKale 17ff8f1
Remove duplicate TimeoutError
MasterKale d6ada58
Merge branch 'main' into 2062-new-error-codes
MasterKale 09571b2
Remove hybrid errors for now
MasterKale 0887054
Add required IDL for new error codes
MasterKale 7aec744
Replace UserCancellationError with OptOutError
MasterKale File filter
Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
|
@@ -1965,7 +1965,15 @@ a numbered step. If outdented, it (today) is rendered as a bullet in the midst o | |
|
||
: If the user exercises a user agent user-interface option to cancel the process, | ||
:: [=set/For each=] |authenticator| in |issuedRequests| invoke the [=authenticatorCancel=] operation on |authenticator| | ||
and [=set/remove=] |authenticator| from |issuedRequests|. Throw a "{{NotAllowedError}}" {{DOMException}}. | ||
and [=set/remove=] |authenticator| from |issuedRequests|. | ||
|
||
If the user agent is informing the user that | ||
the last used |authenticator| cannot collect [=user verification=] when | ||
<code>|pkOptions|.{{PublicKeyCredentialCreationOptions/authenticatorSelection}}.{{AuthenticatorSelectionCriteria/userVerification}}</code> | ||
is set to {{UserVerificationRequirement/required}}, | ||
throw a "{{UserVerificationError}}" {{DOMException}}. | ||
|
||
Otherwise, throw an "{{OptOutError}}" {{DOMException}}. | ||
|
||
: If <code>|options|.{{CredentialCreationOptions/signal}}</code> is present and [=AbortSignal/aborted=], | ||
:: [=set/For each=] |authenticator| in |issuedRequests| invoke the [=authenticatorCancel=] | ||
|
@@ -2234,7 +2242,7 @@ a numbered step. If outdented, it (today) is rendered as a bullet in the midst o | |
</dl> | ||
</li> | ||
|
||
1. Throw a "{{NotAllowedError}}" {{DOMException}}. In order to prevent information leak that could identify the | ||
1. Throw a "{{TimeoutError}}" {{DOMException}}. In order to prevent information leak that could identify the | ||
emlun marked this conversation as resolved.
Show resolved
Hide resolved
|
||
user without [=user consent|consent=], this step MUST NOT be executed before |lifetimeTimer| has expired. See | ||
[[#sctn-make-credential-privacy]] for details. | ||
|
||
|
@@ -2280,9 +2288,19 @@ The following {{DOMException}} exceptions can be raised: | |
the [=client=] does not support [[#sctn-related-origins|related origin requests]] | ||
or the [$related origins validation procedure$] failed. | ||
|
||
: {{TimeoutError}} | ||
:: The ceremony was cancelled by the user agent after exceeding the time limit permitted for the ceremony. | ||
See [[#sctn-timeout-recommended-range]] for more information. | ||
|
||
: {{UnknownError}} | ||
:: The [=authenticator=] could not process the supplied options, | ||
or encountered an error while creating the new credential. | ||
Comment on lines
+2295
to
+2297
There was a problem hiding this comment. Choose a reason for hiding this commentThe reason will be displayed to describe this comment to others. Learn more. I don't think |
||
|
||
: {{UserVerificationError}} | ||
:: The user was unable to complete [=user verification=] as required by the [=[RP]=]. | ||
|
||
: {{NotAllowedError}} | ||
:: A catch-all error covering a wide range of possible reasons, | ||
including common ones like the user canceling out of the ceremony. | ||
:: A catch-all error covering a wide range of possible reasons. | ||
Some of these causes are documented throughout this spec, | ||
while others are client-specific. | ||
|
||
|
@@ -2504,7 +2522,15 @@ When this method is invoked, the user agent MUST execute the following algorithm | |
|
||
: If the user exercises a user agent user-interface option to cancel the process, | ||
:: [=set/For each=] |authenticator| in |issuedRequests| invoke the [=authenticatorCancel=] operation on |authenticator| | ||
and [=set/remove=] |authenticator| from |issuedRequests|. Throw a "{{NotAllowedError}}" {{DOMException}}. | ||
and [=set/remove=] |authenticator| from |issuedRequests|. | ||
|
||
If the user agent is informing the user that | ||
MasterKale marked this conversation as resolved.
Show resolved
Hide resolved
|
||
the last used |authenticator| cannot collect [=user verification=] when | ||
<code>|pkOptions|.{{PublicKeyCredentialCreationOptions/authenticatorSelection}}.{{AuthenticatorSelectionCriteria/userVerification}}</code> | ||
is set to {{UserVerificationRequirement/required}}, | ||
throw a "{{UserVerificationError}}" {{DOMException}}. | ||
|
||
Otherwise, throw an "{{OptOutError}}" {{DOMException}}. | ||
|
||
: If <code>|options|.{{CredentialRequestOptions/signal}}</code> is present and [=AbortSignal/aborted=], | ||
:: [=set/For each=] |authenticator| in |issuedRequests| invoke the [=authenticatorCancel=] operation on |authenticator| | ||
|
@@ -2683,7 +2709,7 @@ When this method is invoked, the user agent MUST execute the following algorithm | |
1. Return |constructAssertionAlg| and terminate this algorithm. | ||
</dl> | ||
|
||
1. Throw a "{{NotAllowedError}}" {{DOMException}}. In order to prevent information leak that could identify the | ||
1. Throw a "{{TimeoutError}}" {{DOMException}}. In order to prevent information leak that could identify the | ||
emlun marked this conversation as resolved.
Show resolved
Hide resolved
|
||
user without [=user consent|consent=], this step MUST NOT be executed before |lifetimeTimer| has expired. See | ||
[[#sctn-assertion-privacy]] for details. | ||
|
||
|
@@ -2838,9 +2864,19 @@ The following {{DOMException}} exceptions can be raised: | |
the [=client=] does not support [[#sctn-related-origins|related origin requests]] | ||
or the [$related origins validation procedure$] failed. | ||
|
||
: {{TimeoutError}} | ||
:: The ceremony was cancelled by the user agent after exceeding the time limit permitted for the ceremony. | ||
See [[#sctn-timeout-recommended-range]] for more information. | ||
|
||
: {{UnknownError}} | ||
:: The [=authenticator=] could not process the supplied options, | ||
or encountered an error while generating an [=assertion signature=]. | ||
|
||
: {{UserVerificationError}} | ||
:: The user was unable to complete [=user verification=] as required by the [=[RP]=]. | ||
|
||
: {{NotAllowedError}} | ||
:: A catch-all error covering a wide range of possible reasons, | ||
including common ones like the user canceling out of the ceremony. | ||
:: A catch-all error covering a wide range of possible reasons. | ||
Some of these causes are documented throughout this spec, | ||
while others are client-specific. | ||
</dl> | ||
|
@@ -3707,6 +3743,33 @@ SHOULD be aborted. | |
See [WHATWG HTML WG Issue #2711](https://github.com/whatwg/html/issues/2711) for more details. | ||
|
||
|
||
## WebAuthn Interfaces ## {#sctn-interfaces} | ||
|
||
The subection below defines custom interfaces used throughout WebAuthn. | ||
|
||
### Custom WebAuthn Exceptions ### {#iface-custom-webauthn-exceptions} | ||
|
||
For descriptions of these exceptions, | ||
please see [[#sctn-create-request-exceptions]] and [[#sctn-get-request-exceptions]]. | ||
|
||
<xmp class="idl"> | ||
[Exposed=Window, Serializable] | ||
interface UserVerificationError : DOMException { | ||
constructor(optional DOMString message = ""); | ||
}; | ||
</xmp> | ||
|
||
The <code>new UserVerificationError(|message|)</code> constructor steps are: | ||
|
||
1. Set [=this=]'s {{DOMException/name}} to `"UserVerificationError"`. | ||
1. Set [=this=]'s {{DOMException/message}} to `message`. | ||
|
||
{{UserVerificationError}} objects are [=serializable objects=]. | ||
|
||
Their [=serialization steps=], given |value| and |serialized|, are to run the {{DOMException}} [=serialization steps=] given |value| and |serialized|. | ||
|
||
Their [=deserialization steps=], given |serialized| and |value|, are to run the {{DOMException}} [=deserialization steps=] given |serialized| and |value|. | ||
|
||
## WebAuthn Extensions Inputs and Outputs ## {#sctn-extensions-inputs-outputs} | ||
|
||
The subsections below define the data types used for conveying [=WebAuthn extension=] inputs and outputs. | ||
|
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
The equivalent error on the authenticator layer is
error code equivalent to "ConstraintError"
, so I think that could be used here too?This would lump this together with another
ConstraintError
thrown whenauthenticatorSelection.userVerification == "required"
andmediation == "conditional"
, but that is also an error expressing that UV was required but couldn't be performed, so I think that can be okay?Then we could also add a case to pass through
error code equivalent to "ConstraintError"
from the authenticator layer, like we do withInvalidStateError
.