Re: [webauthn] Add a way to use webauthn without Javascript (#1255) from Kote Isaev via GitHub on 2022-11-20 (public-webauthn@w3.org from November 2022)

From: Kote Isaev via GitHub <sysbot+gh@w3.org>
Date: Sun, 20 Nov 2022 00:55:11 +0000
To: public-webauthn@w3.org
Message-ID: <issue_comment.created-1321003363-1668905709-sysbot+gh@w3.org>

> Regardless: This issue is about performing WebAuthn without JS and not about the UI provided by browsers which are independent issues.

I not fully agree here. As I mentioned earlier, lack of professionally-looking UI in browser is one of key reasons of why website provides own UIs for that.

Also, one of strange aspects of in-browser UI at least of desktop is usage of uncomfortable popups even if some full-page UI can be shown instead with some domain-specific details like icon, title and description and other details.
But I totally agree, that implementing this approach of common UI of "select your account or begin registration of new one", and so on, is related to browser capabilities, not specific to WebAuthn. Still, I insist, that work over a convention of how to unify and standardize auth flows like `login`, `register` `authorize/payment` (assuming it may be something else that can be authorized, like digital document signatures, across all these schemes of auth, will help to adopt schemes like WebAuthn.\



> The basic auth and TLS client cert protocols definitely support logout (just don't send the basic auth HTTP header or TLS auth extensions), so lack of logout is again a browser UI issue that should get fixed.

To my understanding, it will be very helpful for website developers is to add something like 
```
<button type="logout">Log Out</button>
```
To make sure logout procedure explicit and button for that can be placed in a way website design demands to place it - at site header, in some user account menu, etc.
But then it would require like
```
<div demand="signed-in|guest">
....content for specific case...
</div>
```
Well, it all shows, that completely without javascript, declarative components necessary or attributes and values to existing, to make sure all common tasks related to sign in, sign out, sign up, and hiding some element of UI. Some things may require new CSS selectors like `auth:guest` or `auth:user` or even `auth:schema(schema_name)` may be necessary.
It is not a "click here" scope, but without all these details webauth will not be freed from JavaScript dependency.

-- 
GitHub Notification of comment by koteisaev
Please view or discuss this issue at https://github.com/w3c/webauthn/issues/1255#issuecomment-1321003363 using your GitHub account


-- 
Sent via github-notify-ml as configured in https://github.com/w3c/github-notify-ml-config

Received on Sunday, 20 November 2022 00:55:13 UTC