webauthn
webauthn copied to clipboard
w3c
Web Authentication: An API for accessing Public Key Credentials
[Semantic line breaks](https://sembr.org/) is an editorial convention that may facilitate more efficient work on the text, while making no difference to the rendered output. Currently, the WebAuthn spec source is...
Various opportunities for improvement I noticed while reviewing PR #1951, but some of this is beyond the scope of that PR. We should merge #1951 first, then this PR scope...
## Description Adding an optional parameter to excludeCredentials on a Get call. The use case is specific to multi-login scenarios: Let's say a user is already logged in with two...
I would like to propose there being a standardized format for password-only (that is, effectively single-factor authentication) keys using WebAuthn. I understand there may be some reluctance among the WebAuthn...
The `[[Create]]` internal method for `PublicKeyCredential` has the following [text](https://w3c.github.io/webauthn/#sctn-discover-from-external-source:~:text=If%20the%20relevant,relevant%20global%20object.): ``` 1. If the [=relevant global object=], as determined by the calling {{CredentialsContainer/create()}} implementation, does not have [=transient activation=]: 1....
## Description The current iteration of the WebAuthn spec supports automated testing via an integration with WebDriver. This support should be extended to support WebDriver BiDi. The work here is...
This extension allows for signing arbitrary data using a key associated with but different from a WebAuthn credential key pair. Motivating use cases of this include: - Enabling use of...
I would ask about opportunity to disable and avoid opportunity for user to authenticate with another device. I encounter information "Sign in with another device" during authentication process and I...
## Description The current conditional UI is a huge step in the right direction for seamlessly logging users in when they have stored a passkey previously, but is still dependent...
## Description Currently, there's no way to influence the text shown to users during authentication, beyond the previously-registered name values. For the common case of signing in, the default text...
