Re: [webauthn] How long the relying party should maintain the challenge and related information? (#1848) from Shane Weeden via GitHub on 2023-02-06 (public-webauthn@w3.org from February 2023)

From: Shane Weeden via GitHub <sysbot+gh@w3.org>
Date: Mon, 06 Feb 2023 09:54:24 +0000
To: public-webauthn@w3.org
Message-ID: <issue_comment.created-1418806636-1675677262-sysbot+gh@w3.org>

IMO the RP provided timeout is how long to keep the challenge valid. The client knows this time and client side javascript can be used to obtain a new challenge as the timeout approaches. For autofill ui, you *should* be able to cancel a pending call, then start a new one. This was broken on Safari last time I tried but worked on Chrome (on Mac anyway). 

-- 
GitHub Notification of comment by sbweeden
Please view or discuss this issue at https://github.com/w3c/webauthn/issues/1848#issuecomment-1418806636 using your GitHub account


-- 
Sent via github-notify-ml as configured in https://github.com/w3c/github-notify-ml-config

Received on Monday, 6 February 2023 09:54:25 UTC