- From: Firstyear via GitHub <sysbot+gh@w3.org>
- Date: Fri, 14 Mar 2025 00:45:44 +0000
- To: public-webauthn@w3.org
> > There remain bigger fish to fry than JS-less invocation of WebAuthn > > [@MasterKale](https://github.com/MasterKale) like what, exactly? What incentives are not aligned? Most of the organisations in control of this specification are JS forward/heavy orgs (MS, Google) and have no motivation to implement this - they already have complex JS stacks and this doesn't really bother them. Especially true here is Google/Chrome which is the majority browser engine - if they aren't supporting this, then they can simply veto this it by not implementing it. And currently Google and Chrome have no incentive to care to implement this or support it in the spec, since they are happy to use more JS. Nor do they believe JS is a security concern. These orgs also tend to be the same ones who want *MORE* complex JS calls in webauthn to filter authenticators and do more complex (and confusing) auth processes, so to them, they *need* JS to meet their goals - they don't want to be *removing* it from their workflows. For the forseeable future, webauthn is JS dependent. That's just "how it do be like". Your best option for a "html-like" webauthn option is htmx who have expressed an interest in a component that does webauthn without you having to manually craft JS calls. Outside of that - you're out of luck. -- GitHub Notification of comment by Firstyear Please view or discuss this issue at https://github.com/w3c/webauthn/issues/1255#issuecomment-2723027058 using your GitHub account -- Sent via github-notify-ml as configured in https://github.com/w3c/github-notify-ml-config
Received on Friday, 14 March 2025 00:45:45 UTC