Bug 219157
| Summary: | [WebAuthn] Current WebAuthn popup dialog text restricts use to sign-in use cases | ||
|---|---|---|---|
| Product: | WebKit | Reporter: | at.brand |
| Component: | WebKit Misc. | Assignee: | Nobody <webkit-unassigned> |
| Status: | NEW | ||
| Severity: | Normal | CC: | jiewen_tan, webkit-bug-importer |
| Priority: | P2 | Keywords: | InRadar |
| Version: | Safari 14 | ||
| Hardware: | iPhone / iPad | ||
| OS: | Other | ||
| See Also: | https://bugs.webkit.org/show_bug.cgi?id=181943 | ||
at.brand
While the current text shown by Safari during a WebAuthn assertion [navigator.get()] makes sense in the context of a sign-in, it inhibits using the feature for other use cases such as payment authorization or step-up authentication. When invoking WebAuthn during these use cases, the current text displayed on the dialog presented by the browser leads to confusion ("Do you want to sign-in to example.com using user@example.com").
Other browsers are using text that is somewhat more generic, enabling such use-cases:
* "Use your security key with example.com"
* "example.com wants to authenticate you using a registered security key"
* "For security, ~application~ needs to verify your identity"
Would it be possible to consider displaying a message that is slightly more generic during the navigator.get() operation, enabling additional WebAuthn use cases other than sign-in?
| Attachments | ||
|---|---|---|
| Add attachment proposed patch, testcase, etc. |
Radar WebKit Bug Importer
<rdar://problem/71749854>