- From: Anders Rundgren via GitHub <sysbot+gh@w3.org>
- Date: Mon, 25 Oct 2021 05:05:29 +0000
- To: public-webauthn@w3.org
I was initially thinking about reporting this as a Chromium bug but after researching the issue more including testing with adding `transports` to `allowCredentials` (which worked as expected), it would be technically incorrect calling this a bug. However, due to Chrome's massive market-share, their implementation can be regarded as "normative". IMO you actually need a browser/OS-local list of registered credentials _in order to get a reasonable and predictable UX_. That is, `transports` should remain _redundant_ for `get()` which effectively would be a specification change or clarification. Requiring RPs to supply additional information to feed `get()` is a clear disadvantage and incompatible with the current WebAuthn ecosystem. With a proper WebAuthn implementation `credentialId` should be sufficient for targeting a specific credential, while the absence of `credentialId` should provide the user with a list of applicable credentials to choose from. I would like to hear what GitHub and their likes think about the Chrome update. -- GitHub Notification of comment by cyberphone Please view or discuss this issue at https://github.com/w3c/webauthn/issues/1677#issuecomment-950530629 using your GitHub account -- Sent via github-notify-ml as configured in https://github.com/w3c/github-notify-ml-config
Received on Monday, 25 October 2021 05:05:31 UTC