- From: Lucas Garron via GitHub <sysbot+gh@w3.org>
- Date: Thu, 07 Jan 2021 05:52:36 +0000
- To: public-webauthn@w3.org
I think it could also be interesting to give browsers an option to initiate passwordless login directly, for sites with resident credential registration. The browser could visit a URL that directly communicates the intention, and receives a streamlined challenge rather than having to load a bulkier login page. This could either be a fixed URL like `https://example.com/.well-known/login/resident-key` (note that we already have a vague precedent for `/.well-known/change-password`) or field/extension that the site sets at registration time. This: - Matches the existing direction of the WebAuthn spec in taking login UX choices out of the site's hands and leaving them to the browser. - Would provide a more consistent experience for the user. - Makes it simpler for RPs to know what they need to implement this, without having to make customized decisions about how to adapt their login flow. -- GitHub Notification of comment by lgarron Please view or discuss this issue at https://github.com/w3c/webauthn/issues/1545#issuecomment-755901795 using your GitHub account -- Sent via github-notify-ml as configured in https://github.com/w3c/github-notify-ml-config
Received on Thursday, 7 January 2021 05:52:37 UTC