Re: mixed U2F and WebAuthn

On Thu, Jul 18, 2019 at 2:55 PM Marius Scurtescu <> wrote:

> When the AppID extension is used in order to support legacy U2F registered
> authenticators, can the allowCredentials array (part ofl
> navigator.credentials.get) contain a mix of U2F and WebAuthn registered
> keys?


Reading the "Client extension processing" of "10.1. FIDO AppID Extension
> (appid)" that seems to be the case with the retry in step 5, but the note
> at the end states that "several implementations do not implement steps four
> and onward". Making sure the note refers only to FacetID and that the rest
> of step 5 is actually implemented?

 It refers to the algorithm here
i.e. the more complex FacetID processing.



Received on Thursday, 18 July 2019 22:56:25 UTC