Firstyear
Firstyear
> Agree with @nadalin - the adoption community is the right place for this discussion. I disagree. This is not an adoption issue, but a specification issue. > I do...
@sbweeden I'm planning to open new issues/pr for these items :) It's in my todo list so it won't be forgotten.
> All good here. Only thing that comes to mind was my suggestion about changing the finish methods to return the mutated credential, but that's not really _needed_. I did...
@ericmarkmartin It's already been removed :) the whole interface has a huge set of changes.
@aseigler I don't have any samples sadly, so I can't really validate or confirm it works. But it also isn't api breaking to add that later.
@aseigler If you put it through the compat test https://webauthn.firstyear.id.au/compat_test and submit the json in a report, we can implement it :)
Thanks everyone! I've just published 4.3 (because of some earlier version hiccups). Thank you all for your support, ideas and contributions! Happy-authenticating!
> On 2022-05-18 WG call: we should also point out that RPs need to make sure their subdomains are sufficiently secured too. For example, if users can run arbitrary script...
Absolutely, but I've also seen legitimate use cases of this too. It's just that RP's need to make that decision about if they want to open up to that or...
Agreed, we already store BS and BE in webauthn-rs, and we are able to validate state changes between them are valid transitions. Do we also have guidance around what happens...