Re: [webauthn] Removing “lightning” from AuthenticatorTransport (#1294)

A bit of an update. 

Apple has shipped support for CTAP2 in Safari.   That support includes using standard keys in a USB port on ipad pros and via a camera connector kit on iOS (note that the adaptor cost is similar to the cost of a key, and it is a bit awkward do I doubt many people will do this in practice)

The remaining issue is that native apps like Brave and other native apps must use SFAuthenticationSession or SFSafariViewController depending on if they want access to cookies.

This is also only available on  iOS 13 so older phones currently have no support other than having the application using a SDK to talk to a key over "CTAP_over_MFi" transport.  

I agree with Apple that the best way for most apps to integrate with WebAuthn is via SFAuthenticationSession however for browsers and other native apps on iOS 13 they are probably going to use a SDK to talk NFC directly and use the "CTAP_over_MFi" transport for lightning connected keys.   For iOS 12 and older devices "CTAP_over_MFi" transport seems to still be the only option.

Leaving the transport hint as "lightning" or changing it to "CTAP_over_MFi" or something else seem like the best options.   The reason for the hint has not disappeared.

-- 
GitHub Notification of comment by ve7jtb
Please view or discuss this issue at https://github.com/w3c/webauthn/issues/1294#issuecomment-572559692 using your GitHub account

Received on Thursday, 9 January 2020 13:25:07 UTC