getClientCapabilities() method allows to determine which WebAuthn features are supported by the user's client. The method returns a list of supported capabilities, allowing developers to tailor authentication experiences and workflows based on the client's specific functionality.
None
Does this intent deprecate or change behavior of existing APIs, such that it has potentially high risk for Android WebView-based applications?
None
None
https://wpt.fyi/results/webauthn/getclientcapabilities.https.html
Shipping on desktop | 133 |
DevTrial on desktop | 131 |
Shipping on Android | 133 |
DevTrial on Android | 131 |
Shipping on WebView | 133 |
Open questions about a feature may be a source of future web compat or interop issues. Please list open issues (e.g. links to known github issues in the project for the feature specification) whose resolution may introduce web compat/interop risk (e.g., changing to naming or structure of the API in a non-backward-compatible way).
NoneAndrii Natiahlyi
Software Engineer
Google Germany GmbH
Erika-Mann-Straße 33
80636 München
Geschäftsführer: Paul Manicle, Liana Sebastian
Registergericht und -nummer: Hamburg, HRB 86891
Sitz der Gesellschaft: Hamburg
On 11/14/24 9:39 AM, 'Andrii Natiahlyi' via blink-dev wrote:
Contact emails
nati...@google.com, a...@google.com
Explainer
None
Specification
https://w3c.github.io/webauthn/#sctn-getClientCapabilities
Summary
getClientCapabilities() method allows to determine which WebAuthn features are supported by the user's client. The method returns a list of supported capabilities, allowing developers to tailor authentication experiences and workflows based on the client's specific functionality.
Blink component
Blink>WebAuthentication
TAG review
None
TAG review status
Not applicable
Risks
Interoperability and Compatibility
None
Gecko: No signal
WebKit: Shipped/Shipping (https://developer.apple.com/documentation/safari-release-notes/safari-17_4-release-notes#WebAuthn)
Web developers: No signals
Other signals:
WebView application risks
Does this intent deprecate or change behavior of existing APIs, such that it has potentially high risk for Android WebView-based applications?
None
Debuggability
None
Will this feature be supported on all six Blink platforms (Windows, Mac, Linux, ChromeOS, Android, and Android WebView)?
Yes
Is this feature fully tested by web-platform-tests?
Yeshttps://wpt.fyi/results/webauthn/getclientcapabilities.https.html
--
You received this message because you are subscribed to the Google Groups "blink-dev" group.
To unsubscribe from this group and stop receiving emails from it, send an email to blink-dev+...@chromium.org.
To view this discussion visit https://groups.google.com/a/chromium.org/d/msgid/blink-dev/CAMrd0vy9wGn_fEQ4e9mX87cgz_jReJw7zOhbTrDweKARCUwyRw%40mail.gmail.com.
Hello Mike,Thank you for your feedback.Regarding Gecko, I requested a Mozilla position on this emerging web specification.> Given that any capability can be omitted, do we expect {} to be conforming, however unlikely (I think yes?)?And yes, you're correct. Even though it's unlikely, we do expect an empty set `{}` to be conforming.Best,Andrii
On Mon, Nov 18, 2024 at 7:43 PM Mike Taylor <mike...@chromium.org> wrote:
On 11/14/24 9:39 AM, 'Andrii Natiahlyi' via blink-dev wrote:
To unsubscribe from this group and stop receiving emails from it, send an email to blink-dev+unsubscribe@chromium.org.
Is there additional fingerprinting risk here? I'm happy to see this move forward even if there is, but we should call it out.
On Tuesday, November 19, 2024 at 9:24:50 AM UTC-8 Andrii Natiahlyi wrote:
Hello Mike,Thank you for your feedback.Regarding Gecko, I requested a Mozilla position on this emerging web specification.> Given that any capability can be omitted, do we expect {} to be conforming, however unlikely (I think yes?)?And yes, you're correct. Even though it's unlikely, we do expect an empty set `{}` to be conforming.Best,Andrii
On Mon, Nov 18, 2024 at 7:43 PM Mike Taylor <mike...@chromium.org> wrote:
On 11/14/24 9:39 AM, 'Andrii Natiahlyi' via blink-dev wrote:
To unsubscribe from this group and stop receiving emails from it, send an email to blink-dev+...@chromium.org.
Thanks Andrii - I see that Mozilla is positive on the feature now, thanks for requesting the review.
And to Alex's request to call out FP risk - the spec
does acknowledge it, and allow UAs to limit what it returns.
LGTM1
To view this discussion visit https://groups.google.com/a/chromium.org/d/msgid/blink-dev/9604625a-cba0-4831-864c-4af907f07eba%40chromium.org.
Is there additional fingerprinting risk here? I'm happy to see this move forward even if there is, but we should call it out.
On Tuesday, November 19, 2024 at 9:24:50 AM UTC-8 Andrii Natiahlyi wrote:
Hello Mike,Thank you for your feedback.Regarding Gecko, I requested a Mozilla position on this emerging web specification.> Given that any capability can be omitted, do we expect {} to be conforming, however unlikely (I think yes?)?And yes, you're correct. Even though it's unlikely, we do expect an empty set `{}` to be conforming.Best,Andrii
On Mon, Nov 18, 2024 at 7:43 PM Mike Taylor <mike...@chromium.org> wrote:
On 11/14/24 9:39 AM, 'Andrii Natiahlyi' via blink-dev wrote:
To unsubscribe from this group and stop receiving emails from it, send an email to blink-dev+...@chromium.org.
--
You received this message because you are subscribed to the Google Groups "blink-dev" group.
To unsubscribe from this group and stop receiving emails from it, send an email to blink-dev+...@chromium.org.
To view this discussion visit https://groups.google.com/a/chromium.org/d/msgid/blink-dev/27406fd9-34a7-48a9-adcc-4f8681a46a17n%40chromium.org.
If you're looking for something beyond what's already in
https://w3c.github.io/webauthn/#sctn-disclosing-client-capabilities
- please file an issue against the draft.