W3C home > Mailing lists > Public > public-webauthn@w3.org > December 2017

Re: [webauthn] various issues with AppId extension

From: Emil Lundberg via GitHub <sysbot+gh@w3.org>
Date: Tue, 05 Dec 2017 20:58:08 +0000
To: public-webauthn@w3.org
Message-ID: <issue_comment.created-349439210-1512507487-sysbot+gh@w3.org>
@leshi Oh right, that is a good point. Though I think in practice most users will probably have only one authenticator, which mitigates the impact. The RP could also somewhat work around it by trying both U2F and Webauthn credentials in two separate `getAssertion` calls, but it would be a pretty ugly user experience.

We could fix this by making the extension value a `[{ credentialId, appId }...]` list, or a `{ appId: [credentialId...] }` object or the like, but we'd hoped that the next releases would have no breaking changes. I can't say whether or not we'll do that.

-- 
GitHub Notification of comment by emlun
Please view or discuss this issue at https://github.com/w3c/webauthn/issues/491#issuecomment-349439210 using your GitHub account
Received on Tuesday, 5 December 2017 20:58:09 UTC

This archive was generated by hypermail 2.4.0 : Tuesday, 5 July 2022 07:26:30 UTC