[webauthn] The standard is very web-centric, can be a bit confusing for app-only users (#2048) from Rick M via GitHub on 2024-03-24 (public-webauthn@w3.org from March 2024)

From: Rick M via GitHub <sysbot+gh@w3.org>
Date: Sun, 24 Mar 2024 21:46:02 +0000
To: public-webauthn@w3.org
Message-ID: <issues.opened-2204572517-1711316760-sysbot+gh@w3.org>

JetForMe has just created a new issue for https://github.com/w3c/webauthn:

== The standard is very web-centric, can be a bit confusing for app-only users ==
I'm not sure if this is actually a limitation of the spec, or a keychain implementation like Apple’s.

I recently implemented WebAuthn registration and authentication for my iOS app. The app is the only UI (there is no webapp), but it does have a server component. Stored passkeys are listed like this, but I'd rather instead of showing “latencyzero.com” (the effective domain) or “chargeminder.latencyzero.com” (the RP url), it showed the domain name as “Latency: Zero, LLC” and the app name as “ChargeMinder.” I don’t think the spec allows for a “display name ” for the effective domain or RP ID, does it? Or is Apple displaying the wrong thing(s) here?

In any case, this is confusing for the user, because my company name isn't strongly branded in the app. I’ve raised this issue with Apple, too.

![iOSPasskeyDisplay](https://github.com/w3c/webauthn/assets/401600/3d06ed18-af90-4d6a-99e4-8382ee946832)


Please view or discuss this issue at https://github.com/w3c/webauthn/issues/2048 using your GitHub account


-- 
Sent via github-notify-ml as configured in https://github.com/w3c/github-notify-ml-config

Received on Sunday, 24 March 2024 21:46:03 UTC