This is currently written as MAYs so as to be minimally breaking. An alternative solution to the case where `authenticatorSelection` or `allowCredentials.transports` are incompatible with what the platform supports would be to add a step directly after the origin check where the client MAY return a `ConstraintError` or similar without user consent. That might be a "more" breaking change, though. There might also be implications for privacy considerations, but I think they would be very minor. If anyone would prefer this alternative solution, please voice your support explicitly. -- GitHub Notification of comment by emlun Please view or discuss this issue at https://github.com/w3c/webauthn/pull/962#issuecomment-398718291 using your GitHub accountReceived on Wednesday, 20 June 2018 11:34:52 UTC
This archive was generated by hypermail 2.4.0 : Tuesday, 5 July 2022 07:26:33 UTC