- From: Tim Cappalli via GitHub <sysbot+gh@w3.org>
- Date: Wed, 31 Jan 2024 20:01:15 +0000
- To: public-webauthn@w3.org
@jameshartig the hints feature is designed to help drive experiences (e.g. pop ups and external device dependencies). Just because an authenticator is cross-device, does not mean it creates a specific credential type (e.g. synced vs device-bound passkeys). In many cases, a user chooses their authenticator and even its behavior. The type of passkey is returned in the response. You can parse that response and take appropriate action (ex: require the user have an additional recovery factor in the event their account only has a device-bound passkey). > So we need to do UA sniffing to understand if its Windows or not and send a different hint if its Windows. Does that seem correct? Could there be a new hint added that would convey a preference for "synced" passkeys? No, there is no passive way to determine which type of credential an authenticator is going to create. Let's continue this discussion either in a new issue, [the passkey developer community](https://github.com/orgs/passkeydeveloper/discussions), or FIDO-DEV, as it is not related to hints or attestation. -- GitHub Notification of comment by timcappalli Please view or discuss this issue at https://github.com/w3c/webauthn/issues/1688#issuecomment-1919839899 using your GitHub account -- Sent via github-notify-ml as configured in https://github.com/w3c/github-notify-ml-config
Received on Wednesday, 31 January 2024 20:01:17 UTC