Re: [webauthn] [Superset] Updating credential metadata and requesting deletion of stale credentials (#1967) from Nina Satragno via GitHub on 2023-12-06 (public-webauthn@w3.org from December 2023)

From: Nina Satragno via GitHub <sysbot+gh@w3.org>
Date: Wed, 06 Dec 2023 17:31:54 +0000
To: public-webauthn@w3.org
Message-ID: <issue_comment.created-1843350588-1701883912-sysbot+gh@w3.org>

>  Let the RP set allowCredentials and then the client only displays the intersection of allowCredentials and the credentials that are actually stored in the browser.

OT, but if you want to build a username first into password + autofill UI flow today you can do it. See `credentialIdFilter` in https://w3c.github.io/webauthn/#sctn-discover-from-external-source, conditional UI supports passing an allow list to filter the credentials. They still have to be discoverable because they need a label to be put in autofill, and non discoverable credentials may forgo storing a name / display name.

-- 
GitHub Notification of comment by nsatragno
Please view or discuss this issue at https://github.com/w3c/webauthn/issues/1967#issuecomment-1843350588 using your GitHub account


-- 
Sent via github-notify-ml as configured in https://github.com/w3c/github-notify-ml-config

Received on Wednesday, 6 December 2023 17:31:56 UTC