- From: jychab via GitHub <noreply@w3.org>
- Date: Mon, 29 Sep 2025 13:31:35 +0000
- To: public-webauthn@w3.org
> > I'm understanding "auto selection" here to be when the WebAuthn call jumps straight to a prompt to use an authenticator, not that no user interaction occurs. > > All known major implementations still allow you to select a different credential for a different account. > > Client Hints can also be used if other form factors are desired. The main difference is that Client Hints are advisory, while the proposed flag would be normative and enforceable. Client Hints leave the decision to the browser, which may ignore them (as is common today when a platform key is available). In contrast, a dedicated flag gives the relying party a predictable way to prevent auto-selection and guarantee that the user is actually presented with a choice of authenticators. -- GitHub Notification of comment by jychab Please view or discuss this issue at https://github.com/w3c/webauthn/issues/2335#issuecomment-3346975591 using your GitHub account -- Sent via github-notify-ml as configured in https://github.com/w3c/github-notify-ml-config
Received on Monday, 29 September 2025 13:31:36 UTC