[webauthn] Should the WebAuth API have a cancel() method?

kpaulh has just created a new issue for https://github.com/w3c/webauthn:

== Should the WebAuth API have a cancel() method? ==
Hey gang,

The spec details an authenticatorCancel method, but the client doesn't necessarily know when to invoke it. We have seen a couple scenarios where not having a way to cancel an existing authenticator operation from Javascript might present an undesirable user experience. 

For example, having multiple tabs that are attempting operations and losing focus on one. The user opens two registration tabs. The device will blink until it receives two taps.
 
Since promises aren't themselves cancelable, it seems that a cancel() method is the best option - assuming these use cases are concerning enough to warrant one. (We're not entirely convinced that they are). We also briefly considered having smaller timeouts, say, 10 seconds, but this presents problems for bluetooth authenticators. 

Thoughts?

Please view or discuss this issue at https://github.com/w3c/webauthn/issues/380 using your GitHub account

Received on Tuesday, 14 March 2017 23:37:34 UTC