Re: [webauthn] Provide a mechanism to indicate backend registration success or failure (#2067) from Arian van Putten via GitHub on 2024-05-05 (public-webauthn@w3.org from May 2024)

From: Arian van Putten via GitHub <sysbot+gh@w3.org>
Date: Sun, 05 May 2024 08:07:02 +0000
To: public-webauthn@w3.org
Message-ID: <issue_comment.created-2094675956-1714896420-sysbot+gh@w3.org>

> After this happens, let's assume the user refreshes the page. The page's UI might be structured where there's a dual-purpose form, such as a register flow that also adds autocomplete="username webauthn" and runs the conditional flow to sign in. The user focuses the field and is prompted by the browser to use their (useless) credential

This is the recommended UX by FIDO Alliance. https://fidoalliance.org/ux-guidelines/

Effectively trapping people in a broken authentication loop.

I agree that discoverable credentials should have a two-phase commit on registration. Anything else will lead to users getting extremely confused and locked out of registration and authentication flows


-- 
GitHub Notification of comment by arianvp
Please view or discuss this issue at https://github.com/w3c/webauthn/issues/2067#issuecomment-2094675956 using your GitHub account


-- 
Sent via github-notify-ml as configured in https://github.com/w3c/github-notify-ml-config

Received on Sunday, 5 May 2024 08:07:04 UTC