W3C home > Mailing lists > Public > public-webauthn@w3.org > March 2019

Re: Webauthn capability detection

From: Emil Lundberg <emil@yubico.com>
Date: Tue, 5 Mar 2019 15:35:55 +0100
Message-ID: <CANMnvkzE6+bE5E+b3rc_r+T69v-6o8Myz4-RReMnQCYT_x_JqQ@mail.gmail.com>
To: Robert Lee <robert@loveathome.us>, W3C Web Authn WG <public-webauthn@w3.org>
Hi, thanks for your interest in WebAuthn!

I don't know what can be inferred passively from user agent strings and the
like, but I'll bounce this on to the public discussion list at

What I do know exists is the
`isUserVerifyingPlatformAuthenticatorAvailable()` method [1] in the
WebAuthn API. This method will return `true `if there is a platform
authenticator capable of some kind of user verification (UV). It won't let
you detect every platform authenticator, but I would guess that most
platform authenticators do support some kind of UV, most often a
fingerprint reader.

I hope that helps, and I hope others on the maillist can provide more
information about other methods of capability detection.



On Tue, 5 Mar 2019 at 14:10 Robert Lee <robert@loveathome.us> wrote:

> Greetings,
> I'm working on an effort to support Webauthn for an online application.
> To capture opportunity size, I'd like to be able to determine what
> percentage of my current customers could support a Webauthn registration.
> As a starting point, I'm wanting to target "platform authenticator" enabled
> devices (like android 7+, windows 10, osx with touchbar), etc.
> What are the current best ways to measure this? Is it required do query
> every visitor directly, or is it something that could potentially be
> gleaned from user agent strings or other signatures?
> Thank you,
> Robert

Emil Lundberg

Software Developer | Yubico <http://www.yubico.com/>
Received on Tuesday, 5 March 2019 14:36:31 UTC

This archive was generated by hypermail 2.4.0 : Friday, 17 January 2020 18:59:02 UTC