webauthn
Web Authentication: An API for accessing Public Key Credentials
This is probably going to be a hot take, but I think it needs to be written and shared. Right now, there are a bunch of issues in this standard related...
At the June F2F, the topic of how painful it can be to require enterprise attestation came up. Right now browsers throw a type error if not supported, but that...
If the authentication response comes from the external authenticator or phone (with hybrid transport) and the client device supports platform authentication, it is recommended for RPs to provide promotion to...
Hi, I noticed that during `credentials.create(...)`, if the list does not contain what the authenticator can provide, the authenticator will not be included in the list of authenticators to choose...
The addition of `ArrayBuffer` in the WebAuthn APIs has been an often-cited challenge for relying party developers, as JavaScript does not have integration for converting such buffers to text for...
This week at WWDC Apple demonstrated the ability of one iCloud user with a registered passkey to share that passkey with another individual on a separate iCloud account. The implications...
Fixes #1731.
The [OPAQUE Asymmetric PAKE Protocol](https://cfrg.github.io/draft-irtf-cfrg-opaque/draft-irtf-cfrg-opaque.html) has recently been published by the IETF Network Working Group. In particular, the section "[Client Credential Storage and Recovery](https://cfrg.github.io/draft-irtf-cfrg-opaque/draft-irtf-cfrg-opaque.html#name-client-credential-storage-a)" is interesting, because that part specifies...
Adding a way to use WebAuthn without JavaScript should be considered. For example, most Tor users have JavaScript always disabled, and having a way to use WebAuthn without JS would...
This sentence in the spec's abstract is now out of date with the upcoming launch of multi-device credentials across all three major platform vendors: > Conceptually, one or more [public...