James Elliott

Considering it's not an OpenID Authorize Request without the `openid` scope this indeed is a brilliant idea. I question if we should instead reverse the order of `validateAuthorizeScope` and `validateAuthorizeRedirectURI`...

I agree with this idea. As long as it's optional and documented. Later, we can implement this into the management UI (user + admin) when it's implemented. I agree also...

I might be able to take a look at this soon. What did you mean by both? The mixed type emails?

@vdot0x23 sorry to not get back to you sooner. I managed to get this working in a very test driven branch. As you probably experienced it's very touchy about newlines...

It seems in the time we spent getting this working go has deprecated PGP. This was due in part to the lack of support etc. Do we want to consider...

> OH. I was under the assumption that the `audience` could control which groups could get access to a given client… that’s unfortunate :( This is not the purpose of...

I actually made the first local commit for this today. I think we're just going to implement it, and plaster it with notes that it's not expressly specification compliant. I'm...

Additional information: https://github.com/w3c/webauthn/issues/1293

@werty1st can you confirm if you see this when using a browser on iOS that isn't Safari?

Can you please try the authelia/authelia:[fix-ios-webauthn](https://github.com/authelia/authelia/tree/fix-ios-webauthn) image tag as well, pretty sure that'll fix the authentication step (will require a user to click start if on iOS/Safari). If it does...