The opposite also seems true. Google Chrome for Android will happily created a server-side credential without erroring out, even when setting `requireResidentKey` to `required`. I would expect it to error out as described in the spec, but it silent generates a server-side credential. The spec says I can differentiate between these cases using the `credProps` extension in the cases of `discouraged` and `preferred`. But what do I do with misbehaving platforms that don't error out as the spec mandates? -- GitHub Notification of comment by arianvp Please view or discuss this issue at https://github.com/w3c/webauthn/issues/1457#issuecomment-690985071 using your GitHub account -- Sent via github-notify-ml as configured in https://github.com/w3c/github-notify-ml-configReceived on Friday, 11 September 2020 09:34:08 UTC
This archive was generated by hypermail 2.4.0 : Tuesday, 5 July 2022 07:26:41 UTC