- From: Eric Stern via GitHub <sysbot+gh@w3.org>
- Date: Mon, 16 Sep 2024 21:23:44 +0000
- To: public-webauthn@w3.org
> What is the rationale for that? Is it easier for sites to add an element to the HTML than a field to the credential options? Forgetting the current autocomplete=webauthn token is a common failure case for using conditional mediation, especially during early development. Thinking on it more, I'd suggest simplifying this whole concept further, and _default to_ the proposed ambient UI for all conditional requests unless the input field is present (in which case it'll use the existing UIs that are attached to the input field). A well-formed call to `credentials.get()` signals pretty clear intent to do something relating to authn, and while I broadly prefer explicit over implicit behaviors, this feels like it may be the lowest-friction forward-compatible approach - and shouldn't cause issues for any existing (working) implementations. > For implementers it would add some complexity, since the JS call handler won't know right away whether it will need to show the ambient UI, and we have to think about handling situations where that element is added to the document at an arbitrary point after page load. I could see the possibility of hiding the ambient UI and switching to the autofill one if an appropriate `input autocomplete=webauthn` element shows up in the DOM, but I think the majority case is "just show something so the user can sign in" so even that may not be necessary. -- GitHub Notification of comment by Firehed Please view or discuss this issue at https://github.com/w3c/webauthn/issues/2144#issuecomment-2354056799 using your GitHub account -- Sent via github-notify-ml as configured in https://github.com/w3c/github-notify-ml-config
Received on Monday, 16 September 2024 21:23:45 UTC