Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

rp vs. rpId #191

Closed
rlin1 opened this issue Jun 9, 2022 · 2 comments
Closed

rp vs. rpId #191

rlin1 opened this issue Jun 9, 2022 · 2 comments
Assignees
@stephenmcgruer

Comments

@rlin1
Copy link
Collaborator

rlin1 commented Jun 9, 2022

We use rp in CollectedClientAdditionalPaymentData
But we use rpId in SecurePaymentConfirmationRequest

type is USVString in both cases and the meaning seems to be identical, i.e. RP ID.

Why is that?
@stephenmcgruer
Copy link
Collaborator

I believe this is just an oversight / historical artifact from the early days of the spec.

CollectedClientAdditionalPaymentData came first, and I think used rp 'just because', i.e. without any reason.

Adding the RP info to SecurePaymentConfirmationRequest came later, and by that time we were aware that WebAuthn's rp concept is actually a full type, PublicKeyCredentialRpEntity, and when the WebAuthn spec only needs to encode the ID (e.g. in PublicKeyCredentialRequestOptions), it names it rpId. So we followed that.

I believe we should align on the latter (rpId) in both these cases. We can either do that today with a backwards compatible change (e.g., start making CollectedClientAdditionalPaymentData return an rpId member, but note that implementations may also return rp due to historical reasons), or we can do that if/when we do a full API change away from PaymentRequest (tracked by #65 and #56 , approximately). I'm happy with either :).

@stephenmcgruer stephenmcgruer self-assigned this Aug 10, 2022
stephenmcgruer added a commit that referenced this issue Aug 10, 2022
@stephenmcgruer
[Spec] Rename rp --> rpId in CollectedClientAdditionalPaymentData
dd14bfa 
To align with WebAuthn, we should use the term rpId here. This is a breaking
change, but implementations can mitigate the breakage by continuing to include
the old 'rp' name going forwards.

See #191
@stephenmcgruer stephenmcgruer mentioned this issue Aug 10, 2022
Merged
stephenmcgruer added a commit that referenced this issue Aug 25, 2022
@stephenmcgruer
[Spec] Rename rp --> rpId in CollectedClientAdditionalPaymentData (#198)
c4962df 
To align with WebAuthn, we should use the term rpId here. This is a breaking
change, but implementations can mitigate the breakage by continuing to include
the old 'rp' name going forwards.

See #191

Test changes: web-platform-tests/wpt#35602
Implementation bugs:

Chrome: https://crbug.com/1356224
Safari: N/A
Firefox: N/A
@stephenmcgruer
Copy link
Collaborator

This has been fixed in the specs, tests, and in Chrome. On the Chrome side, once the change is in Stable (target end of October) we will send out an announcement asking folks to switch their validation logic over, with some deprecation period TBD (probably 3-6 months).

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@stephenmcgruer stephenmcgruer

Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@stephenmcgruer @rlin1