Re: [webauthn] Add a way to use webauthn without Javascript (#1255) from Martin Atkins via GitHub on 2022-09-18 (public-webauthn@w3.org from September 2022)

From: Martin Atkins via GitHub <sysbot+gh@w3.org>
Date: Sun, 18 Sep 2022 01:36:52 +0000
To: public-webauthn@w3.org
Message-ID: <issue_comment.created-1250171711-1663465011-sysbot+gh@w3.org>

Could there be a potential compromise here in initially focusing the non-JavaScript design on the use-cases that motivated non-modal UI (#1545)?

While I do understand that several participants in this issue would prefer to have a "UI-free", webauthn-only approach, and that this would likely not satisfy that goal, for existing systems that already have username/password support and which aim to _add_ webauthn support it could perhaps be a good start to support _that_ without JavaScript, for easier retrofitting into existing designs built around HTML forms.

The conditionally-mediated UI already relies in part on declarative, HTML-only features: the `autocomplete="webauthn"` annotation to help the user-agent associate the webauthn flow with the existing login fields via the password autofill UI.

This must currently be accompanied by a call to `navigator.credentials.get` to activate the behavior. Could a new HTML element or extension of existing HTML element be a declarative substitute for `navigator.credentials.get` to activate the conditional mediation behavior without JavaScript, placing the result into a form field and immediately submitting the form?

I note that this simplification would limit the JS-free mode only to logging in with existing credentials and not to registering new credentials. This means that, as with systems relying on the JavaScript-based conditional-mediation approach, it would still be presumably necessary to build a separate registration flow for webauthn, alongside the username/password one, and it would admittedly still need JavaScript unless there were a similar non-modal registration flow that could also have a similar HTML variant.


-- 
GitHub Notification of comment by apparentlymart
Please view or discuss this issue at https://github.com/w3c/webauthn/issues/1255#issuecomment-1250171711 using your GitHub account


-- 
Sent via github-notify-ml as configured in https://github.com/w3c/github-notify-ml-config

Received on Sunday, 18 September 2022 01:36:54 UTC