Re: [webauthn] Support Filtering by Username in Conditional UI (#1793) from Matthew Miller via GitHub on 2022-09-08 (public-webauthn@w3.org from September 2022)

From: Matthew Miller via GitHub <sysbot+gh@w3.org>
Date: Thu, 08 Sep 2022 18:33:58 +0000
To: public-webauthn@w3.org
Message-ID: <issue_comment.created-1241083563-1662662036-sysbot+gh@w3.org>

> It seems like a better UX pattern to not offer the password field at all if we know the user has a passkey, right? Especially since the goal over time is to get rid of passwords completely.

[To date Conditional UI doesn't appear to require the `<form>` to include **both** a username and password](https://github.com/w3c/webauthn/wiki/Explainer%3A-WebAuthn-Conditional-UI#api-layer), just at least one input with the `"webauthn"` value in the `<input>`'s `autocomplete` attribute. I don't think we should get hung up on whether it's appropriate to show a password input if we're encouraging RP's to go passwordless, since this same filtering issue would exist in a login prompt consisting of a single username field that must be submitted before a password field _may_ be shown (or WebAuthn launched, second factor code sent out, etc...), as is commonly the case in SSO-backed authentications.

-- 
GitHub Notification of comment by MasterKale
Please view or discuss this issue at https://github.com/w3c/webauthn/issues/1793#issuecomment-1241083563 using your GitHub account


-- 
Sent via github-notify-ml as configured in https://github.com/w3c/github-notify-ml-config

Received on Thursday, 8 September 2022 18:34:00 UTC