Re: [webauthn] Consider allowing cross-domain credential use (#1372)

@MasterKale perfectly summed up my thoughts.

> If that's the case then I think an extension is not quite the right model.

@agl Here you put the authentication as the core of the product, which is not often the case. If you want a real use case example, I work for a password manager, so it's both an app (to manage your secrets) and a content-script (to autofill web-forms). 

In this specific case, providing passwordless authentication with the fingerprint or 2FA using roaming auth is an important feature in terms of convenience on one side and security on the other. We are currently using U2F and interoperability is working just fine between Windows/Mac/Android/iOS. Now the web extensions are missing here, and the next logical step is to migrate to WebAuthn (and FIDO2 more broadly).

So two things at the moment:
- as @MasterKale said, supporting a form of "internal RP" that we can set to be shared by all the different apps would be awesome.
- improving the specifications concerning the use of WebAuthn within extensions would be great too so the implementation will be uniform across browsers.

A few resources that could help:
- I made a dummy extension to test WebAuthn in an extension: https://github.com/Mikescops/webauthn-extension-playground
- Discussion with Mozilla team as their WebAuthn implementation in extension is broken: https://bugzilla.mozilla.org/show_bug.cgi?id=1693562


-- 
GitHub Notification of comment by Mikescops
Please view or discuss this issue at https://github.com/w3c/webauthn/issues/1372#issuecomment-812845652 using your GitHub account


-- 
Sent via github-notify-ml as configured in https://github.com/w3c/github-notify-ml-config

Received on Saturday, 3 April 2021 10:22:33 UTC