- From: Adam Langley via GitHub <sysbot+gh@w3.org>
- Date: Sun, 19 Jun 2022 13:20:15 +0000
- To: public-webauthn@w3.org
A website can't silently check whether the browser already has credentials without triggering the (interactive) sign-in experience (for obvious privacy reasons). It can, however:

* Ask the browser to show any known credentials in autofill when the user selects a username field, for cases where both passwords and WebAuthn are supported. (Browser support for this is still in development though.)
* Know when the user just signed in using a non-local device, like a security key or phone, which might be a good signal to try registering the local device.
* Set the known credential IDs in the exclude list when calling `create`, which prevents existing credentials from being overwritten without (for platform authenticators) showing the user a visible error.

--
GitHub Notification of comment by agl

Please view or discuss this issue at https://github.com/w3c/webauthn/issues/1749#issuecomment-1159724981 using your GitHub account

--
Sent via github-notify-ml as configured in https://github.com/w3c/github-notify-ml-config
Received on Sunday, 19 June 2022 13:20:17 UTC
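
The three options listed in the message above, sketched as relying-party client code. This is an added example, not code from the original message or the WebAuthn specification; the helper names, the `rp`/`user` values and the assumption that the server hands back stored credential IDs as base64url strings are all hypothetical.

```javascript
// Added example. Helper names and the base64url storage format are assumptions.

// Decode a base64url credential ID (as assumed to be stored server-side) to bytes.
function b64urlToBytes(s) {
  const b64 = s.replace(/-/g, "+").replace(/_/g, "/");
  const pad = "=".repeat((4 - (b64.length % 4)) % 4);
  return Uint8Array.from(atob(b64 + pad), (c) => c.charCodeAt(0));
}

// Bullet 1: request for navigator.credentials.get() that surfaces credentials in
// autofill (the username field needs autocomplete="username webauthn").
function buildAutofillRequest(challenge) {
  return { mediation: "conditional", publicKey: { challenge, allowCredentials: [] } };
}

// Bullet 2: the assertion reports how the authenticator was attached. A
// "cross-platform" value means a security key or phone was used, so offering to
// register the local device is reasonable.
function shouldOfferLocalRegistration(assertion) {
  return assertion.authenticatorAttachment === "cross-platform";
}

// Bullet 3: options for navigator.credentials.create() listing every credential
// ID already registered for the account in excludeCredentials.
function buildCreateOptions({ challenge, rp, user, knownCredentialIds }) {
  return {
    publicKey: {
      challenge,
      rp,
      user,
      pubKeyCredParams: [
        { type: "public-key", alg: -7 },   // ES256
        { type: "public-key", alg: -257 }, // RS256
      ],
      authenticatorSelection: { authenticatorAttachment: "platform" },
      excludeCredentials: knownCredentialIds.map((id) => ({
        type: "public-key",
        id: b64urlToBytes(id),
      })),
    },
  };
}

// Browser-only wrapper: an InvalidStateError means the authenticator already
// holds one of the excluded credentials, so nothing new is registered.
async function registerLocalDevice(opts) {
  try {
    return await navigator.credentials.create(buildCreateOptions(opts));
  } catch (e) {
    if (e.name === "InvalidStateError") return null;
    throw e;
  }
}
```

The challenge must still come from the server for each ceremony, and the set of known credential IDs should be looked up only after the user has been identified.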