Re: [webauthn] non-modal "conditionally mediated" UI (#1576) from =JeffH via GitHub on 2022-03-25 (public-webauthn@w3.org from March 2022)

From: =JeffH via GitHub <sysbot+gh@w3.org>
Date: Fri, 25 Mar 2022 21:46:26 +0000
To: public-webauthn@w3.org
Message-ID: <issue_comment.created-1079460290-1648244783-sysbot+gh@w3.org>

> What would get autofilled into the current-password input in this scenario? Is the idea here that a user clicking a credential in response to conditional mediation when the Password input gains focus instead somehow leads to submission of the credential?

[ I changed the example [in my earlier post](https://github.com/w3c/webauthn/pull/1576#issuecomment-1078430998) to be `autocomplete="webauthn username"` because it's more simple ]

The idea is (roughly): upon page load, if `isConditionalMediationAvailable()` is true, then JS does an async call of `nav.creds.get()` with `options.mediation="conditional"` (i.e., "in the background"), and the page's HTML is:
```html
<label for="name">Username:</label>
<input type="text" name="name" autofill="webauthn username">
```
Then, the conditional UI non-modal cred-picker dialog is displayed (positioned near/at the form control field the webauthn autofill detail token is associated with) listing any available webauthn/fido creds for this user at this RP (if there's none, perhaps still display the dialog listing only the "Sign with another device..." item):
![image](https://user-images.githubusercontent.com/226571/160202177-d944c345-e91d-44fe-b83c-957c9b94659e.png)
If the user clicks outside the dialog, the dialog disappears and autofill occurs as normal for that form control field (in this case, it would be the username that is autofilled), and would continue with the legacy flow (e.g. username/password). In this case the `get()` call would never resolve.

However, if the user selects a cred displayed in the non-modal cred-picker dialog, then the page's background `get()` call proceeds using the selected credential and the user is prompted as usual by the client platform for appropriate UV gesture/PIN/etc, and the user is signed-in using webauthn.

See also the Conditional UI explainer.

-- 
GitHub Notification of comment by equalsJeffH
Please view or discuss this issue at https://github.com/w3c/webauthn/pull/1576#issuecomment-1079460290 using your GitHub account


-- 
Sent via github-notify-ml as configured in https://github.com/w3c/github-notify-ml-config

Received on Friday, 25 March 2022 21:46:27 UTC