Contact emails [email protected], [email protected], [email protected]
Explainer https://github.com/w3c/webauthn/blob/main/explainers/cross-device-fallback-url.md Specification https://github.com/w3c/webauthn/pull/2380 Summary The crossDeviceFallbackUrl extension for WebAuthn assertion requests, allows users who attempt to sign in WebAuthn cross-device authentication (the CTAP "hybrid" transport, ie scanning a browser-rendered QR code with a phone) to authenticate via alternative mechanisms if they don't have passkeys available. This is meant to reduce friction for users while trying to sign in with a passkey from another device. In the crossDeviceFallbackUrl, Relying Parties can provide a “fallback” URL to a sign in page. The authenticator device (usually a phone) will open this URL if it does not have a passkey available for the given RP. The RP can then authenticate the user on the phone via other (unspecified) mechanisms. Blink component Blink>WebAuthentication Web Feature ID Missing feature Motivation The most common failure observed in WebAuthn cross-device ("hybrid") authentication requests is that the remote authenticator device (authenticator), does not have an available passkey. This is a common UX complaint, since users already have gone through significant friction to get to that point (ie, got out their phone and scanned the QR code). There usually is no clear recovery path for this user journey; the user is expected to dismiss the error on the phone, cancel the WebAuthn request on their desktop, and then continue to authenticate in some other way. The crossDeviceFallbackUrl extension enables Relying Party websites to handle the fallback authentication directly on the remote authenticator device, reducing user friction in a common failure path. Initial public proposal https://github.com/w3c/webauthn/pull/2380 Goals for experimentation None Requires code in //chrome? False Tracking bug https://crbug.com/509934168 Estimated milestones No milestones specified Link to entry on the Chrome Platform Status https://chromestatus.com/feature/6376947442647040?gate=6457133676756992 This intent message was generated by Chrome Platform Status. -- You received this message because you are subscribed to the Google Groups "blink-dev" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. To view this discussion visit https://groups.google.com/a/chromium.org/d/msgid/blink-dev/69fa1a08.2b0a0220.45bca.004a.GAE%40google.com.
