webauthn icon indicating copy to clipboard operation
webauthn copied to clipboard

Published 20 hours ago verified publisher icon w3c

Non-modal registration during conditional assertion

Open pascoej opened this issue 1 year ago • 12 comments

Description

WebAuthn UIs for registration in browsers are typically intrusive. This presents a challenge for sites that are transitioning from usernames and passwords because RPs have to find the right moment to prompt the user to upgrade to a WebAuthn credential.

WebAuthn could provide a way for RPs to signal at time of login that they want to create WebAuthn credential for any users logging in with a username/password. These log in pages can already use conditional assertions to show credentials in the user agent's AutoFill drop down. This existing call could be extended with an extension to optionally register a credential whenever the user opts to AutoFill a username and password.

I've written an explainer linked below about how this might work.

Related Links

Explainer: WebAuthn Conditional Registration Extension

pascoej avatar Jul 25 '23 22:07 pascoej