- From: Arian van Putten via GitHub <sysbot+gh@w3.org>
- Date: Wed, 06 Dec 2023 14:53:22 +0000
- To: public-webauthn@w3.org
> Then just don't use residentKeys/discoverableCredentials. This whole issue is avoided if you do that. There's no reason why we couldn't have a nice autofill UI even if the RP provides an `allowCredentials` list no? It sounds like the most elegant solution to me. Let the RP set `allowCredentials` and then the client only displays the intersection of `allowCredentials` and the credentials that are actually stored in the browser. Having `allowCredentials: []` maybe just is not as useful as we originally thought. The RP needs to check if the returned credential is valid; so he might as well populate `allowCredentials` beforehand... -- GitHub Notification of comment by arianvp Please view or discuss this issue at https://github.com/w3c/webauthn/issues/1967#issuecomment-1843050724 using your GitHub account -- Sent via github-notify-ml as configured in https://github.com/w3c/github-notify-ml-config
Received on Wednesday, 6 December 2023 14:53:24 UTC