Ki-Eun Shin
Ki-Eun Shin
> Older browsers exist that will not provide that value. In those cases you probably don't want to prompt the user. @agl If it is the case, then the value...
@equalsJeffH I think that you are right. The get call with empty allow credential is not common, but as a RP, we need to provide the concrete UXs for such...
@rlin1 Yes, exactly. Since the lack of discovery mechanism for registered credential, RP is hard to handle such error cases without user intervention. So, RP would like to get the...
This is not about the restriction to only allow the platform authenticator. If the RP is willing to support both platform and external, RP can explicitly support both by providing...
It doesn't make sense the reason we shouldn't do this because of the ecosystem. RP does have a way to specify authenticator attachment during registration. But, for authentication, RP cannot...
Let me explain our situation. We, LINE have hundreds of million users and basically they are mobile phone based users. Of course, We want to protect our users by providing...
@arshadnoor do you think I was asking customizing the spec for our own use cases? We are willing to support universal authentications if there is and we are going to...
John, Thanks for pointing out. I basically agree with your suggestion. If the platform can handle the cases better, we should rely on it. I hope that our users do...
Yeah, we are still considering the best way for providing the WebAuthn. Any suggestion for making concrete user flow would help us a lot. Regarding the flow with an allow...
This issue has been discussed before (#1060). But, it seems better to revisit this issue since the market changes to leverage the RK for the passkey implementation.