Contact emails...@chromium.org Specificationhttps://w3c.github.io/webauthn/#enum-hints
Summary The new `hints` parameter[1] in WebAuthn requests allows sites to provide guidance to browsers to guide their UI. The canonical use case are enterprises which know that their internal sites use only security keys and want to be able to communicate that so that browsers focus the UI on that case. But hints also resolve a tension where the current `authenticatorAttachment` parameter is strict: setting it to `platform` excludes all cross-platform options and vice versa. This has proven less than ideal in some cases. [1] https://w3c.github.io/webauthn/#enum-hints Blink componentBlink>WebAuthentication <https://bugs.chromium.org/p/chromium/issues/list?q=component:Blink%3EWebAuthentication> TAG reviewNone TAG review statusNot applicable Risks Interoperability and Compatibility None: new option which only tweaks UI. *Gecko*: No signal *WebKit*: No objections when asked in person. *Web developers*: Positive. Several sites have requested this functionality, which motivated the spec change. They continue to want it and have done so for quite a while now. WebView application risks Does this intent deprecate or change behavior of existing APIs, such that it has potentially high risk for Android WebView-based applications? No. Debuggability Not really. This causes the browser UI to switch emphasis, but doesn't other change any site-observable behaviour. Will this feature be supported on all six Blink platforms (Windows, Mac, Linux, ChromeOS, Android, and Android WebView)? On Android & Android WebView, support would require changes to other components: the android.credentials code in the framework and, for older Android versions, Play Services. That might come in the future, but it's not part of the Blink and Chrome work. (The Blink change is, of course, required for anything else in the system to be able to handle this parameter.) Some versions of Windows handle WebAuthn UI themselves and, while Chrome can change it's UI, this parameter won't immediately change the Windows UI. However, Microsoft is positive about this change and Chromium will be updated to pass this parameter on as soon as the Windows API is able to receive it. Is this feature fully tested by web-platform-tests <https://chromium.googlesource.com/chromium/src/+/main/docs/testing/web_platform_tests.md> ?No Hints only affect the browser UI and unknown parameters are ignored in WebAuthn already. Flag name on chrome://flagsNone Finch feature nameWebAuthenticationHints Requires code in //chrome?True: Chrome-specific WebAuthn UI is handled in //chrome and needs to respond to these hints. Other embedders would have to do the same to benefit from this change. Estimated milestones Shipping on desktop 128 Anticipated spec changes Open questions about a feature may be a source of future web compat or interop issues. Please list open issues (e.g. links to known github issues in the project for the feature specification) whose resolution may introduce web compat/interop risk (e.g., changing to naming or structure of the API in a non-backward-compatible way). None Link to entry on the Chrome Platform Status https://chromestatus.com/feature/5145737733341184?gate=5155815622443008 -- You received this message because you are subscribed to the Google Groups "blink-dev" group. To unsubscribe from this group and stop receiving emails from it, send an email to blink-dev+unsubscr...@chromium.org. To view this discussion on the web visit https://groups.google.com/a/chromium.org/d/msgid/blink-dev/CAL9PXLzcnJ9xLwJZzQJBL0UJdnDGb7tB5Uu7cYqB%2Bdcdb%2BCfTQ%40mail.gmail.com.
