W3C home > Mailing lists > Public > public-webauthn@w3.org > September 2020

Re: [webauthn] New platform authenticators are making discoverable credentials regardless of residentKey=false passed to Create() (#1457)

From: Arian van Putten via GitHub <sysbot+gh@w3.org>
Date: Fri, 11 Sep 2020 13:07:38 +0000
To: public-webauthn@w3.org
Message-ID: <issue_comment.created-691084266-1599829657-sysbot+gh@w3.org>
I found a page that claims that Chrome for Android does indeed not implement residentKeys: https://codelabs.developers.google.com/codelabs/webauthn-reauth/#4

However; that means I would expect `create`  with `requireResidentKeys = true` to fail; as per the Webauthn L1 spec; instead of   `get` to fail when you do not pass any credentials. 

I agree this is something we should clarify with the folks at Google. What is the best course of action here? Shall I open a bug report on chromium and cross-link it here?



-- 
GitHub Notification of comment by arianvp
Please view or discuss this issue at https://github.com/w3c/webauthn/issues/1457#issuecomment-691084266 using your GitHub account


-- 
Sent via github-notify-ml as configured in https://github.com/w3c/github-notify-ml-config
Received on Friday, 11 September 2020 13:07:41 UTC

This archive was generated by hypermail 2.4.0 : Friday, 11 September 2020 13:07:43 UTC