Since extensions are not mandatory, W3C policy allowed Transaction
Confirmation (TC) extensions to be in the WebAuthn Level 1 specification.
However, by the time Level 2 came out, none of the browsers had
implemented any of the TC extensions. By policy, they had to be removed;
so its no longer in the Level 2 spec.
The Secure Payments Confirmation capability being developed at W3C,
which while it uses FIDO2, is based on a different working group's spec:
https://www.w3.org/Payments/WG/ which involves additional APIs to be
used in the browser application.
If your focus is only on mobile devices - and Android specifically, for
now - then you could look at the open-source Android library we released
in Preview Mode last month at
https://github.com/StrongKey/fido2/tree/master/sampleapps/java/sacl.
It does not use the WebAuthn API, but it does support TC using "dynamic
linking" with a FIDO2 digital signature which can be verified if you're
using our open-source FIDO Certified server from
https://github.com/StrongKey/fido2.
The sample e-commerce app at the SACL URL above demonstrates how it
works. Screenshots are at the 5:00 minute mark on this YT video:
https://www.youtube.com/watch?v=tp5i9_e7xEY
Hope that helps.
Arshad Noor
StrongKey
> <
https://www.w3.org/TR/2019/REC-webauthn-1-20190304/#sctn-simple-txauth-extension>).
> <
https://www.w3.org/TR/webauthn/#sctn-appid-exclude-extension>. There is
> no txAuthSimple extension at 10.2.
> Does anyone know if this extension is supported by common browsers like
> Chrome, IE, Safari etc? Also, does Android and Windows Hello as a
> platform support this natively?
>
> Your inputs are appreciated.
>
> Regards,
> Yashpal
>
> --
> You received this message because you are subscribed to the Google
> Groups "FIDO Dev (fido-dev)" group.
> To unsubscribe from this group and stop receiving emails from it, send
> an email to
fido-dev+u...@fidoalliance.org
> <mailto:
fido-dev+u...@fidoalliance.org>.
> <
https://groups.google.com/a/fidoalliance.org/d/msgid/fido-dev/CALyYV97c8xoLJMfrYHY-dzjofsr_TxBN7eSxr90bDztr7DPvww%40mail.gmail.com?utm_medium=email&utm_source=footer>.