Re: [webauthn] Add a note about `appid` extension not compatible with related origin requests (#2312) from Khaled Zaky via GitHub on 2025-07-10 (public-webauthn@w3.org from July 2025)

From: Khaled Zaky via GitHub <noreply@w3.org>
Date: Thu, 10 Jul 2025 23:33:10 +0000
To: public-webauthn@w3.org
Message-ID: <issue_comment.created-3059527711-1752190388-noreply@w3.org>

* suggest that we add a short non-normative note in the `appid` (or `appidExclude`) extension section that points back to the u2f appid facet rule. this sets expectations for rps that still hold mixed credential sets.  
* can we also consider a web-platform-tests case so future browser changes cannot regress silently.

-- 
GitHub Notification of comment by kzaky
Please view or discuss this issue at https://github.com/w3c/webauthn/issues/2312#issuecomment-3059527711 using your GitHub account


-- 
Sent via github-notify-ml as configured in https://github.com/w3c/github-notify-ml-config

Received on Thursday, 10 July 2025 23:33:10 UTC