webauthn
webauthn copied to clipboard
w3c
Web Authentication: An API for accessing Public Key Credentials
## Description Passkey Providers/Authenticators now support backed-up and non-backup credentials. It varies from one provider to the other the choices they provide. For an RP, currently they have no way...
## Proposed Change I added [an explainer](https://github.com/w3c/webauthn/wiki/Explainer:-WebAuthn-immediate-mediation) in the wiki that suggests to return a `NotFoundError` when there are no locally available credentials and otherwise show the modal UI. This...
## Proposed Change https://www.w3.org/TR/webauthn-2/#idl-index The issue with this interface is that no where in the IDL do we specify the name of the struct member that holds https://www.w3.org/TR/webauthn-2/#dictdef-authenticationextensionsclientoutputs for an...
No other specification really ought to use "effective domain". That's only for `document.domain`-related business. I suspect you just want to grab an origin's host and ignore this operation.
Closes #2257 This PR adds `rpId` to Credential Record. This optional field is defined to try and help guide RPs, that wish to use Related Origins, to store values that...
**Prerequisite Steps for All Transition Requests** - [x] **Record Group Decision to Advance** - [x] The Working Group must document a formal decision to request advancement. - [x] **Obtain Team...
Closes #2252 This PR provides a way for an RP to indicate their backup preference regarding the credential being created at registration time. Note: Given the nature of different options...
Closes #2252 This PR provides a way for an RP to indicate their backup preference regarding the credential being created at registration time via PublicKeyCredentialHint. Note: Given the nature of...
While crawling [Web Authentication: An API for accessing Public Key Credentials - Level 3](https://w3c.github.io/webauthn/), the following algorithms fire an event, or resolve or reject a Promise, within a step that...
No user agent implements "valid domain". I suspect that instead you simply want to do a type check that the host of an origin is a domain. Also, what kind...