W3C home > Mailing lists > Public > public-webauthn@w3.org > December 2020

Re: [webauthn] How should website authors "get or create"? (#1533)

From: Lucas Garron via GitHub <sysbot+gh@w3.org>
Date: Tue, 08 Dec 2020 21:01:10 +0000
To: public-webauthn@w3.org
Message-ID: <issue_comment.created-741025012-1607461269-sysbot+gh@w3.org>
> I think your answers ought to be addressed in https://github.com/fido-alliance/how-to-fido/blob/master/HowToFIDO.md --- a subtle-but-important aspect of making this work smoothly is for the platform authenticator to support discoverable credentials, such the RP does `navigator.credential.get()` using an empty allow list and the platform authnr can find the cred and utilize it, regardless of the browser that's being used at the time.

Indeed, I'd love to be able to rely on resident key/client-side discoverable credentials. But since Android Chrome doesn't support them (yet), is there something better if we want to support all the major platform authenticators in the short term?

-- 
GitHub Notification of comment by lgarron
Please view or discuss this issue at https://github.com/w3c/webauthn/issues/1533#issuecomment-741025012 using your GitHub account


-- 
Sent via github-notify-ml as configured in https://github.com/w3c/github-notify-ml-config
Received on Tuesday, 8 December 2020 21:01:12 UTC

This archive was generated by hypermail 2.4.0 : Tuesday, 8 December 2020 21:01:13 UTC