Re: [webauthn] Support WWW-Authenticate (for one request. can be upgraded to cookies if necessary.) (#1616)

I'll admit I don't really know what QUIC is or how it works. At the time I got the impression that its "pluggable authn mechs" are something like an analogue of WWW-Authenticate and similar, but implemented in the transport layer instead of the HTTP layer.

But is your use case to support user clients other than web browsers? In that case, there's already nothing stopping servers from supporting that. See for example the [Okta WebAuthn authentication API](https://developer.okta.com/docs/reference/api/authn/#verify-webauthn-factor). There's no cross-RP standardized API for this though, if that's what you're asking for.

-- 
GitHub Notification of comment by emlun
Please view or discuss this issue at https://github.com/w3c/webauthn/issues/1616#issuecomment-848237931 using your GitHub account


-- 
Sent via github-notify-ml as configured in https://github.com/w3c/github-notify-ml-config

Received on Tuesday, 25 May 2021 20:29:26 UTC