- From: Matthew Miller via GitHub <sysbot+gh@w3.org>
- Date: Mon, 25 Sep 2023 16:13:36 +0000
- To: public-webauthn@w3.org
The thought occurred to me over the weekend: how can the browser know an auth is successful if A) the RP cannot use the `conditionalCreate` extension, and B) the user doesn't use the browser autofill to enter username + password (because we're assuming the user **can't** use WebAuthn hence the desire to conditionally register a credential.) If `conditionalCreateLifetimeTimer` can be started by the browser without the use of `conditionalCreate`, it's unclear to me right now what heuristics a client might use to know when to start the timer. -- GitHub Notification of comment by MasterKale Please view or discuss this issue at https://github.com/w3c/webauthn/pull/1951#issuecomment-1734064551 using your GitHub account -- Sent via github-notify-ml as configured in https://github.com/w3c/github-notify-ml-config
Received on Monday, 25 September 2023 16:13:38 UTC