- From: Matthew Miller via GitHub <sysbot+gh@w3.org>
- Date: Wed, 25 Sep 2024 16:15:51 +0000
- To: public-webauthn@w3.org
`Promise<BufferSource>`, what I'm going to say is an alternative way of pronouncing "challenge callback", which was discussed at pretty extensive length over here: https://github.com/w3c/webauthn/issues/1856 The issue has all but been closed since then. In the WAWG discussion at TPAC yesterday the challenge URL was understood to be a better pattern for mobile use cases as well, so that whether you're in a browser or a native app an RP could allow for parallelizable credential discovery and challenge requesting to significantly improve some at-scale passkey auth scenarios (the idea is `rpId` could be specified earlier in page/app initialization, then while the platform/browser is discovering available credentials from available providers using the RP ID, a separate request for the challenge could occur in parallel to then pass in as client data to whatever authenticator/provider the user ultimately chooses to sign in with.) -- GitHub Notification of comment by MasterKale Please view or discuss this issue at https://github.com/w3c/webauthn/issues/2152#issuecomment-2374534797 using your GitHub account -- Sent via github-notify-ml as configured in https://github.com/w3c/github-notify-ml-config
Received on Wednesday, 25 September 2024 16:15:52 UTC