Re: [webauthn] Should an RP be able to provide finer grained authenticator filtering in attestation options? (#1688) from Chad Killingsworth via GitHub on 2022-06-06 (public-webauthn@w3.org from June 2022)

From: Chad Killingsworth via GitHub <sysbot+gh@w3.org>
Date: Mon, 06 Jun 2022 16:46:58 +0000
To: public-webauthn@w3.org
Message-ID: <issue_comment.created-1147658711-1654534016-sysbot+gh@w3.org>

These are a confusing set of topics that's for sure. What I want is something like:

```js
navigator.credentials.get({
  publicKey: {
    challenge: new Uint8Array([/* bytes sent from the server */]),
    userVerification: true,
    authenticatorSelection: {
      attachment: "platform" // this is the missing piece
    }
  }
})
```

There's been some discussion of doing this via extensions, but also an acknowledgement that no user agent currently recognizes the extensions. Or did I miss a capability that already is in the spec? This could be accomplished with transport filtering as well, but I'm personally more interested in attachment.

-- 
GitHub Notification of comment by ChadKillingsworth
Please view or discuss this issue at https://github.com/w3c/webauthn/issues/1688#issuecomment-1147658711 using your GitHub account


-- 
Sent via github-notify-ml as configured in https://github.com/w3c/github-notify-ml-config

Received on Monday, 6 June 2022 16:46:59 UTC