Tim Cappalli

Results 368 comments of Tim Cappalli

One growing challenge with using PRF with passkeys is the blast radius for deleting a passkey, which is really only intended for use for sign in, expands significantly if it...

> Note that Firefox ESR does not implement the FIDO CTAP hybrid protocol.

CTAP is typically implemented in platforms, not user agents (though there are some exceptions). Firefox supports CDA...

> This will also require some changes to the following steps

@annevk which steps are you referring to?

This should be addressed by https://github.com/w3c/webauthn/wiki/Explainer:-WebAuthn-Report-API-explainer

I'd also add that the RP should be using the same user handle which will prevent multiple credentials for the same account in the...

> If I understand correctly the new passkey then overrides the old passkey in the UI (Due to having the same userHandle ?)

Yes, that's correct

Authenticators and clients are expected to be spec compliant. There is only so much that can be done at a spec level. Please ask these authenticator-specific questions via a developer/deployment...

This issue is quite old and a lot has changed. In 2025, credential providers have the ability to natively integrate into 3 of 4 major operating systems with the 4th...

> Having to integrate with native APIs is apparently such a high barrier that two big names don't bother.

It's actually quite a low barrier. Unfortunately some credential providers have...

> Apple mentioned that "domain verification" was available for verifiers issuing requests (from the wallet?). Is it explicitly stated somewhere how they accomplish this? Generally, I do wish for more...