- From: Taylor Hunt via GitHub <sysbot+gh@w3.org>
- Date: Sun, 01 Dec 2019 22:43:32 +0000
- To: public-webauthn@w3.org
I doubt browsers want to revive the `<keygen>` element, but it addressed a lot of design decisions brought up in this thread. A strawman using only already-standardized HTML could look like:
```html
<form method="post" action="/exampleapp/webauthn/finish_assertion">
<input name="user" autocomplete="username">
<keygen name="webauthn"
required
keytype="webauthn-public"
keyparams="alg -7"
challenge="WwdPrNbUcI1034qZ9LYks32ZPezDLZSieFI9f6NaZZs">
<!-- fallback for non-implementing browsers goes here -->
</keygen>
<input type="hidden" autocomplete="webauthn-userid">
<input type="hidden" name="exampleapp_request_id" value="3a74f2b4-cff0-4f50-8076-2f5532a0d6f3">
</form>
```
The `required` attribute is reused for the WebAuthN API’s `userVerification: 'required'`. `hidden` could be used for `userVerification: 'discouraged'`, and `'preferred'` would be the default.
Multiple credentials as mentioned by @Garnac could be implemented with multiple elements.
Of course, this strawman lacks a lot of the discussed functionality, but I think it’s worth learning from the Web of yesteryear for how one might implement webauthn without JavaScript.
--
GitHub Notification of comment by tigt
Please view or discuss this issue at https://github.com/w3c/webauthn/issues/1255#issuecomment-560169100 using your GitHub account
Received on Sunday, 1 December 2019 22:43:33 UTC