Re: [webauthn] Consider allowing cross-domain credential use (#1372)

I was indeed talking about operating an extension as a RP.

> If an extension wishes to perform WebAuthn “itself”, i.e. operating as an RP, then that's not officially supported. It will work in Chrome if you don't specify an RP ID (Chrome will use the “chrome-extension://” address as the RP ID) but this is non-standard.

Indeed, it will work if you don't specify the RP ID or if you use the exact extension ID (the same goes for the Firefox browser, until Mozilla fixes a bug that makes the flow hang).
It might be non-standard as of today but it's also the only way to leverage FIDO2 in this context.
This also causes interoperability issues with other implementations of FIDO2 on other platforms like Android / iOS.

I'm interested in understanding how this discussion can lead to changes in the spec (who has authority over it) and how we can all collaborate to extend the support of WebAuthn.

-- 
GitHub Notification of comment by Mikescops
Please view or discuss this issue at https://github.com/w3c/webauthn/issues/1372#issuecomment-812456854 using your GitHub account


Received on Friday, 2 April 2021 09:43:41 UTC