- From: Thomas Duboucher via GitHub <sysbot+gh@w3.org>
- Date: Wed, 11 Jan 2023 20:06:07 +0000
- To: public-webauthn@w3.org
That's the opposite. ☺ TL;DR - `credProps.rk: true` -> discoverable credential - `credProps.rk: undefined` -> probably a server side credential Client can set `rk` to `true` during registration (`residentKey = "required"`), so they know that the returned credential is a discoverable credential and thus also set `rk` to `true` in the _credProps_. But authenticators can create discoverable credential even if `rk` is set to `false`, so in this case the client can not know if the credential created is a rk or not, and thus must omit `rk` in the `credProps`. In the future, it could be used if we have a modal asking the user if they want to create a passkey on the authenticator (residentKey = preferred++) to convey to the RP if the user accepted to create a discoverable credential or server side credential, and then provide the correct login UI. We could also move the _credProps_ extension to CTAP for authenticators that may opportunistically create a discoverable credential. -- GitHub Notification of comment by serianox Please view or discuss this issue at https://github.com/w3c/webauthn/issues/1822#issuecomment-1379419362 using your GitHub account -- Sent via github-notify-ml as configured in https://github.com/w3c/github-notify-ml-config
Received on Wednesday, 11 January 2023 20:06:09 UTC