- From: Ken Buchanan via GitHub <sysbot+gh@w3.org>
- Date: Fri, 09 May 2025 16:20:00 +0000
- To: public-webauthn@w3.org
> This could still happen after the user navigates to the login page or exactly where it does now. It’s not random we leave it up to RPs - we had this exact same dicussion with WebAuthn user gestures for Safari and they were lifted. As someone responsible for large consumer RP implementations, I have problems seeing clearly how this approach helps for most pages. The main advantage of not having a user gesture requirement for existing modal WebAuthn calls is that they can be used for re-auth, a use case for which immediate mediation isn't useful. Immediate is aimed at scenarios in which a user has done something to indicate a sign-in is appropriate at that time. This isn't precisely replicating `preferImmediatelyAvailableCredentials` on mobile because the web has different privacy properties. There is a separate proposal for a mode called Ambient, in which more subtle (non-modal) UI is displayed to offer the user an opportunity to sign-in, and would not require user activation. https://github.com/w3c/webauthn/wiki/Explainer:-WebAuthn-Ambient-Signin-UI That proposal is still active. -- GitHub Notification of comment by kenrb Please view or discuss this issue at https://github.com/w3c/webauthn/pull/2291#issuecomment-2867143892 using your GitHub account -- Sent via github-notify-ml as configured in https://github.com/w3c/github-notify-ml-config
Received on Friday, 9 May 2025 16:20:01 UTC