Re: [webauthn] Specify authenticator attachment for authentication operation (#1267)

On the other hand with no allow list the user may be presented with a list
of credentials that they need to select from or say OK to.

I haven't seen the UI on Android but there has been a request to change
CTAP so that the platform gets the user info even if only one credential is
returned.  That is so the platform can display it to the user for consent.
So you may be trading one dialog for another.

In the native app case it can remember the credential ID so that is less of
an issue.

It is still possible to cookie the email/user name allowing the user to
overwrite it and return an allow list.

That may be a more familiar flow to start your users with. Clicking on a
button and having all system dialogs for logging in is more of a UX
change. At the moment it is only Microsoft doing the no allow list login
that I have seen in the wild.

Both work quite well.

On the desktop using caBLE to access the credentials on the phone an
identifier-first flow is probably preferred to allow auto pairing.

There are quite a few issues to consider.

Christian is probably the one you should be talking to about the Android
platform authenticator UX.

John B.

On Fri, Aug 9, 2019, 8:39 PM Ki-Eun Shin <notifications@github.com> wrote:

> Yeah, we are still considering the best way for providing the WebAuthn.
> Any suggestion for making concrete user flow would help us a lot.
>
> Regarding the flow with an allow list is a way for solving this.
> But it will introduce additional user input (user id or username).
> Ideally, we would like to introduce one or two buttons saying "use your
> device" or "use your external device", then the user clicks it without typing
> anything to trigger get credential.
>
> I am also happy to find the better ways and work with browser and platform
> vendors.


-- 
GitHub Notification of comment by ve7jtb
Please view or discuss this issue at https://github.com/w3c/webauthn/issues/1267#issuecomment-520112870 using your GitHub account

Received on Saturday, 10 August 2019 03:08:46 UTC
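
The two request shapes discussed in this message (an allow list built from a cookied or typed user name versus no allow list), as an added example that is not part of the original thread or of any project's code. The cookie name `remembered_user`, the `REGISTERED` store and the function names are assumptions made for illustration.

```javascript
// Constructed sample data: credential IDs (base64url) the relying party
// has registered per user, with the transports recorded at registration.
const REGISTERED = new Map([
  ["alice@example.com", [
    { id: "Y3JlZC1hbGljZS1waG9uZQ", transports: ["internal"] },
    { id: "Y3JlZC1hbGljZS1rZXk", transports: ["usb", "nfc"] },
  ]],
]);

// Read the remembered user name from a Cookie header (hypothetical cookie name).
function rememberedUser(cookieHeader) {
  for (const part of (cookieHeader || "").split(";")) {
    const [name, ...rest] = part.trim().split("=");
    if (name !== "remembered_user") continue;
    try {
      return decodeURIComponent(rest.join("="));
    } catch (e) {
      return null; // malformed percent-encoding: treat as no cookie
    }
  }
  return null;
}

// Build the JSON form of PublicKeyCredentialRequestOptions for the server
// to return. A typed user name overrides the cookied one. The client must
// decode challenge and ids to ArrayBuffers before navigator.credentials.get().
function buildRequestOptions({ challenge, rpId, typedUser, cookieHeader }) {
  const user = typedUser || rememberedUser(cookieHeader);
  const creds = user ? REGISTERED.get(user) || [] : [];
  const options = { challenge, rpId, timeout: 60000, userVerification: "preferred" };
  if (creds.length > 0) {
    // Identifier-first flow: the allow list narrows the authenticator's choice.
    options.allowCredentials = creds.map((c) => ({
      type: "public-key",
      id: c.id,
      transports: c.transports,
    }));
    return { flow: "allow-list", options };
  }
  // No allow list: the authenticator offers its discoverable credentials
  // for this rpId. Note that answering known and unknown user names
  // differently reveals to an unauthenticated caller whether an account exists.
  return { flow: "discoverable", options };
}
```
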