webauthn
webauthn copied to clipboard
w3c
Web Authentication: An API for accessing Public Key Credentials
This PR attempts to pull together any exceptions raised by `create()` and `get()` to help RP's understand what exceptions may be encountered when using WebAuthn. The intention here is to...
[`COSEAlgorithmIdentifier`](https://www.w3.org/TR/webauthn-3/#typedefdef-cosealgorithmidentifier) is defined as a [`long`](https://webidl.spec.whatwg.org/#idl-long), but [`AuthenticatorAttestationResponseJSON.publicKeyAlgorithm`](https://www.w3.org/TR/webauthn-3/#dom-authenticatorattestationresponsejson-publickeyalgorithm) is a [`long long`](https://webidl.spec.whatwg.org/#idl-long-long). While RPs are likely based on 64-bit platforms, it seems unnecessary to require 64-bit signed integers when a...
## Background We have introduced PublicKeyCredentialHints for RP to better convey intention of which transport is preferred for both credential creation and authentication. Previously, AuthenticatorAttachment was used to convey similar...
https://www.w3.org/TR/webauthn-3/#clientdatajson-serialization ends up calling ECMAScript operations on WebIDL and/or Infra values. For example: > 3. Append [CCDToString](https://www.w3.org/TR/webauthn-3/#ccdtostring)([type](https://www.w3.org/TR/webauthn-3/#dom-collectedclientdata-type)) to result. Here `type` is a WebIDL value, of type `DOMString`. If we...
[RP ID](https://www.w3.org/TR/webauthn-3/#rp-id) is required to be a [valid domain string](https://url.spec.whatwg.org/#valid-domain-string) which is the string representation of a [valid domain](https://url.spec.whatwg.org/#valid-domain). The definition of a valid domain cites [issue 245](https://github.com/whatwg/url/issues/245) which raises...
- Adds `enterpriseAttestation` to getClientClientCapabilities enum - Adds blurb to "enterprise" definition that clients should include it Resolves #1742 *** Preview | Diff
Adds the `timeSinceUv` authenticator extension as defined in #2034 Open questions for WG discussion: 1. Technically an out of band vault unlock for passkey provider doesn't satisfy user verification as...
Changes `conditionalMediation` client capability to `conditionalGet` for consistency with `conditionalCreate`. *** Preview | Diff
According to [`flags`](https://www.w3.org/TR/webauthn-3/#authdata-flags), bits 1 and 5 are "reserved for future use" without any requirement they are 0; however [Figure 3](https://www.w3.org/TR/webauthn-3/#fig-authData) and [Figure 6](https://www.w3.org/TR/webauthn-3/#attestation-object) display those bits as 0. Are...
## Proposed Change [§6.1. Authenticator Data](https://www.w3.org/TR/webauthn-3/#sctn-authenticator-data) defines a procedure "[**Authenticators perform the following steps to generate an authenticator data structure**](https://www.w3.org/TR/webauthn-3/#authenticator-data-perform-the-following-steps-to-generate-an-authenticator-data-structure)", which includes the step: >- The [UP](https://www.w3.org/TR/webauthn-3/#authdata-flags-up) [flag](https://www.w3.org/TR/webauthn-3/#authdata-flags) SHALL be...
