Ready for Trial: WebAuthn Conditional UI

281 views
Skip to first unread message

Nina Satragno

unread,
Sep 16, 2022, 4:54:26 PM9/16/22
to blin...@chromium.org

Contact emails

nsat...@chromium.org, ke...@chromium.org, a...@chromium.org


Explainer

https://github.com/w3c/webauthn/wiki/Explainer:-WebAuthn-Conditional-UI


Specification

https://w3c.github.io/webauthn/#GetAssn-ConditionalMediation-Interact-FormControl

https://html.spec.whatwg.org/multipage/form-control-infrastructure.html#attr-fe-autocomplete-webauthn


Design docs

https://docs.google.com/document/d/1KzEWP0aoLMZ0asfw6d3-7UHJ6csTtxLA478EgptCvkk


Summary

A new mode for WebAuthn that displays a credential selection UI only if the user has a discoverable credential registered with the Relying Party on their platform authenticator. The credential is displayed in autofill UI alongside username and password suggestions for sign-in fields. This solves the bootstrapping problem when replacing traditional username and password flows with WebAuthn: websites can fire a WebAuthn call while showing a regular password prompt without worrying about showing a modal dialog error if the device lacks appropriate credentials.


Websites must opt-in to the feature by triggering a conditional mediation WebAuthn request on a sign-in page.


Blink component

Blink>WebAuthentication


Search tags

webauthn, conditional ui, conditional mediation, web authentication


TAG review

https://github.com/w3ctag/design-reviews/issues/692


TAG review status

Approved


Risks



Interoperability and Compatibility

Very low: this is a new feature that's already implemented by Safari on their Technology Preview.


Gecko: No signal


WebKit: Shipped/Shipping in beta (https://developer.apple.com/videos/play/wwdc2022/10092) See around 16:20


Web developers: No signals


Other signals:


WebView application risks

None.



Goals for experimentation

Feedback from developers.


Ongoing technical constraints

Known bugs


Debuggability

This feature is supported by the WebAuthn Devtools panel


https://developer.chrome.com/docs/devtools/webauthn/


Create a new authenticator with transport = "internal", resident key and user verification support to test it.


WebAuthn debugging in general is not supported on Android.



Will this feature be supported on all six Blink platforms (Windows, Mac, Linux, Chrome OS, Android, and Android WebView)?

No


The feature requires support from the underlying OS. It will be supported on Win11+, Mac, and Android; with ChromeOS support coming later.


Support will be surfaced via PublicKeyCredential.isConditionalMediationAvailable().


Debugging support will be available on all desktop platforms from the start (including linux)..



Is this feature fully tested by web-platform-tests?

Yes


DevTrial instructions

https://webauthn-conditional-ui-demo.glitch.me


Flag name

--enable-features=WebAuthenticationConditionalUI


Requires code in //chrome?

Yes


Tracking bug

https://crbug.com/1171985


Launch bug

https://crbug.com/1349891


Estimated milestones

DevTrial on desktop

107


DevTrial on Android

107





Link to entry on the Chrome Platform Status

https://chromestatus.com/feature/5144633101778944


This intent message was generated by Chrome Platform Status.



--

Google Logo
Nina Satragno
Ingeniera en Informática
she/her
nsat...@chromium.org

Reply all
Reply to author
Forward
0 new messages