mixed U2F and WebAuthn from Marius Scurtescu on 2019-07-18 (public-webauthn@w3.org from July 2019)

From: Marius Scurtescu <marius.scurtescu@coinbase.com>
Date: Thu, 18 Jul 2019 14:54:34 -0700
To: public-webauthn@w3.org
Message-ID: <CABpvcNtV5PFH6VLeWnaT1A=mEn_9VmdM9bcHyYZvVRQwDeB_eA@mail.gmail.com>

When the AppID extension is used in order to support legacy U2F registered
authenticators, can the allowCredentials array (part ofl
navigator.credentials.get) contain a mix of U2F and WebAuthn registered
keys?

Reading the "Client extension processing" of "10.1. FIDO AppID Extension
(appid)" that seems to be the case with the retry in step 5, but the note
at the end states that "several implementations do not implement steps four
and onward". Making sure the note refers only to FacetID and that the rest
of step 5 is actually implemented?

Does anyone have experience with this in the wild? Do most browser actually
implement step 5 as described?

Thanks,
Marius

Received on Thursday, 18 July 2019 21:55:08 UTC