Re: [webauthn] Is there a way to store metadata in the authenticator with/without an extension? (#1613) from Adam Langley via GitHub on 2021-05-20 (public-webauthn@w3.org from May 2021)

From: Adam Langley via GitHub <sysbot+gh@w3.org>
Date: Thu, 20 May 2021 20:49:56 +0000
To: public-webauthn@w3.org
Message-ID: <issue_comment.created-845467354-1621543794-sysbot+gh@w3.org>

You can put data in the user.id, which will be persisted by CTAP2 authenticators. (Although you shouldn't put anything sensitive in there.)

The "small blob" extension is credBlob: https://fidoalliance.org/specs/fido-v2.1-rd-20210309/fido-client-to-authenticator-protocol-v2.1-rd-20210309.html#sctn-credBlob-extension

It's supported in Chrome (although probably hasn't reached stable yet), but needs CTAP 2.1 authenticators.

largeBlob is also supported in Chrome behind a flag, but authenticators are likewise rare.

-- 
GitHub Notification of comment by agl
Please view or discuss this issue at https://github.com/w3c/webauthn/issues/1613#issuecomment-845467354 using your GitHub account


-- 
Sent via github-notify-ml as configured in https://github.com/w3c/github-notify-ml-config

Received on Thursday, 20 May 2021 20:49:59 UTC