- From: Mitar via GitHub <noreply@w3.org>
- Date: Sat, 12 Jul 2025 09:03:56 +0000
- To: public-webauthn@w3.org
> This won't work My mistake. No `allowCredentials` or "with constant user ID" is needed. Just "immediate mediation set" can be set and this is it. Because for my use case, there ever will be only one account for this RP, so "any credential for RP returned by the client" is that credential known to RP. So I think this could work. UX would require to have some additional buttons like "try get again" and "try create again", if user clicks cancel because the got confused. But otherwise RP can try quickly both and only fallback on explicit "get" and "create" buttons if it does not get any credential. > the hard part is how the client should decide whether or not a credential exists Maybe and probably I am missing something here. But shouldn't the client know if there is any credential for the RP? Or are you talking about syncing and other issues you mentioned in #1568, I will reply to those there. > I don't think this is functionally different from https://github.com/w3c/webauthn/issues/1568 Yes, that is the goal! To be able to implement "get or create" without having to introduce whole new method which will be hard to get vendors to support. A flag might be easier to standardize. But while functionality is the same, UX suffers with the flag (user has to cancel potential flow twice). -- GitHub Notification of comment by mitar Please view or discuss this issue at https://github.com/w3c/webauthn/issues/2313#issuecomment-3064966420 using your GitHub account -- Sent via github-notify-ml as configured in https://github.com/w3c/github-notify-ml-config
Received on Saturday, 12 July 2025 09:03:57 UTC