Re: [webauthn] Clarify browser behavior when an authenticators return equivalent of "InvalidStateError" (#1888) from Arnar Birgisson via GitHub on 2023-07-22 (public-webauthn@w3.org from July 2023)

From: Arnar Birgisson via GitHub <sysbot+gh@w3.org>
Date: Sat, 22 Jul 2023 17:09:36 +0000
To: public-webauthn@w3.org
Message-ID: <issue_comment.created-1646631863-1690045774-sysbot+gh@w3.org>

Sure, that sounds fine with me. But the primary ask in this issue is that if a local credential matches an exclude list entry, and the user performs its UV ceremony (which already should be offered before any external authnr interactions), then immediately return ISE and don't offer to retry with other authenticators.

I'm _ok_ if requests with attachment=cross-platform offer some retry options, but I don't think they should. In general we should try and reduce the already complex branching logic in the common UX.

-- 
GitHub Notification of comment by arnar
Please view or discuss this issue at https://github.com/w3c/webauthn/issues/1888#issuecomment-1646631863 using your GitHub account


-- 
Sent via github-notify-ml as configured in https://github.com/w3c/github-notify-ml-config

Received on Saturday, 22 July 2023 17:09:38 UTC