webauthn
webauthn copied to clipboard
w3c
Web Authentication: An API for accessing Public Key Credentials
Fixes https://github.com/w3c/webauthn/issues/2065. `AuthenticatorAttestationResponseJSON` was added in the L3 drafts, so we can easily change `AuthenticatorAttestationResponseJSON.publicKeyAlgorithm` to type `long` (or `COSEAlgorithmIdentifier`) since L3 isn't formally released yet. `AuthenticatorAttestationResponseJSON.publicKeyAlgorithm` is also in...
## Proposed Change Multiple people who are implementing PRF extensions have got the implementation wrong regarding extension fields in request and response. We have to add some examples for this...
`rp.id` in `PublicKeyCredentialCreationOptions` and `rpId` in `PublicKeyCredentialRequestOptions` represent the same thing, but with different types. The WG agreed on the 2024-05-15 call that both should be `USVString`. Strictly speaking this...
The `supplementalPubKeys` extension states [for its attestation signing procedure](https://w3c.github.io/webauthn/#sctn-supplemental-public-keys-attestation-calculations): >Therefore when calculating an attestation for a supplemental public key, the inputs are: >- For `authData`, substitute the concatenation of the...
[`PublicKeyCredentialDescriptorJSON::id`](https://www.w3.org/TR/webauthn-3/#dom-publickeycredentialdescriptorjson-id) comes before [`PublicKeyCredentialDescriptorJSON::type`](https://www.w3.org/TR/webauthn-3/#dom-publickeycredentialdescriptorjson-type) despite [`PublicKeyCredentialDescriptor::id`](https://www.w3.org/TR/webauthn-3/#dom-publickeycredentialdescriptor-id) coming after [`PublicKeyCredentialDescriptor::type`](https://www.w3.org/TR/webauthn-3/#dom-publickeycredentialdescriptor-type). I realize that JSON deserialization should not assume the order of fields, but it would nonetheless be nice if the order...
`{{CredentialCreationOptions/mediation}}` is not yet defined upstream in CredMan, so the following passage in [§5.1.3. Create a New Credential](https://w3c.github.io/webauthn/#sctn-createCredential) is currently invalid: >By setting `options.mediation` to [conditional](https://w3c.github.io/webappsec-credential-management/#dom-credentialmediationrequirement-conditional), [Relying Parties](https://w3c.github.io/webauthn/#relying-party) can indicate...
Discussed at TPAC as well as the 2024-10-23 call. - Remove authenticatorDisplayName from credProps for Level 3 - Address the use case in Level 4 via https://github.com/w3c/webauthn/issues/2157 Relevant Issues and...
In the TPAC discussions, there was a desire to rely solely on AAGUID for passkey provider / authenticator naming, and to remove authenticatorDisplayName from credProps. The challenge is that authenticatorDisplayName...
PLACEHOLDER ## Proposed Change Bit set by the SPC extension should backed up as part of the Public Key Credential Source.