- From: mscdex via GitHub <noreply@w3.org>
- Date: Thu, 10 Jul 2025 04:42:18 +0000
- To: public-webauthn@w3.org
mscdex has just created a new issue for https://github.com/w3c/webauthn: == New `userVerification` value with conditional behavior == ## Description Currently when an authenticator utilizes a PIN and has multiple credentials for the same RP and `navigator.credentials.get()` is called with `userVerification: 'discouraged'`, the authenticator returns an anonymized list of credentials for the user to choose from (at least with a Yubikey and Firefox in my test environment). To improve that situation, one can set `userVerification: 'required'`, at which point the user is forced to enter their PIN but then is at least able to see sensible credential user (display) names so that they can make a more informed choice. However, if there is only one credential in an authenticator for a specific RP, then for convenience it is ideal to use `userVerification: 'discouraged'` because there is no need to show real user (display) names because there is only one to choose. The problem is that (AFAIK) there is no way to know in advance whether there is one or multiple credentials for an RP, so I cannot conditionally change the `userVerification` value, so my request is this: it would be nice to have a new `userVerification` value that basically instructs the authenticator to act as if `'required'` was set but only when there is more than one matching credential for the RP, otherwise it acts as if `'discouraged'` was set. Please view or discuss this issue at https://github.com/w3c/webauthn/issues/2310 using your GitHub account -- Sent via github-notify-ml as configured in https://github.com/w3c/github-notify-ml-config
Received on Thursday, 10 July 2025 04:42:19 UTC