Re: [webauthn] Support Filtering by Username in Conditional UI (#1793) from Christiaan Brand via GitHub on 2022-09-08 (public-webauthn@w3.org from September 2022)

From: Christiaan Brand via GitHub <sysbot+gh@w3.org>
Date: Thu, 08 Sep 2022 17:59:49 +0000
To: public-webauthn@w3.org
Message-ID: <issue_comment.created-1241050622-1662659987-sysbot+gh@w3.org>

Wouldn't it make more sense to just send an explicit "Get" request with _all_ the credentialIds that the server knows for this particular user?

Or, alternatively, send the credentialId that the user used to start this particular session? Is there a particular reason for even having the password field there, if we _know_ this user has a passkey (which they potentially even used to initiate this session).

It seems like a better UX pattern to not offer the password field at all if we know the user has a passkey, right? Especially since the goal over time is to get rid of passwords completely.

-- 
GitHub Notification of comment by christiaanbrand
Please view or discuss this issue at https://github.com/w3c/webauthn/issues/1793#issuecomment-1241050622 using your GitHub account


-- 
Sent via github-notify-ml as configured in https://github.com/w3c/github-notify-ml-config

Received on Thursday, 8 September 2022 17:59:50 UTC