by tehbeard 2967 days ago
Web Auth API (authn) does try to make it usable.

It ties in with the credential management API (a way to have the browser store login credentials for a site, a much less heuristic-based approach than autocomplete on forms), and the basic principle is: generate a key pair, pass back the public key to be sent to the server during registration. On login, generate a challenge value for the client to sign. I don't think, iirc, the JS code ever sees the private key; only the browser sees it.

2 comments
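
An added example, not part of the original post or of any browser's code: the registration and challenge-signing flow described above, modelled in Node.js with the built-in `crypto` module. The names `makeAuthenticator`, `RelyingParty` and `demo` are hypothetical, and the message format is simplified (real WebAuthn signs authenticator data plus a hash of the client data, and the server also checks origin and a signature counter).

```javascript
// Added illustration: server side of a WebAuthn-style registration and login.
// Simplified model; all names here are hypothetical, not a real WebAuthn API.
// The signed message is just the raw challenge.
const nodeCrypto = require('node:crypto');

// Stand-in for the browser/authenticator: the private key never leaves this closure.
function makeAuthenticator() {
  const { publicKey, privateKey } = nodeCrypto.generateKeyPairSync('ec', { namedCurve: 'P-256' });
  return {
    publicKeyPem: publicKey.export({ type: 'spki', format: 'pem' }),
    sign: (challenge) => nodeCrypto.sign('sha256', challenge, privateKey),
  };
}

class RelyingParty {
  constructor() {
    this.keys = new Map();     // username -> public key (PEM) stored at registration
    this.pending = new Map();  // username -> outstanding login challenge
  }
  register(user, publicKeyPem) { this.keys.set(user, publicKeyPem); }
  startLogin(user) {
    const challenge = nodeCrypto.randomBytes(32); // fresh, unpredictable per attempt
    this.pending.set(user, challenge);
    return challenge;
  }
  finishLogin(user, signature) {
    const challenge = this.pending.get(user);
    const pem = this.keys.get(user);
    this.pending.delete(user); // single use, consumed even when verification fails
    if (!challenge || !pem) return false;
    return nodeCrypto.verify('sha256', challenge, pem, signature);
  }
}

function demo() {
  const server = new RelyingParty();
  const alice = makeAuthenticator();
  const other = makeAuthenticator(); // a key pair that was never registered
  server.register('alice', alice.publicKeyPem);

  const c1 = server.startLogin('alice');
  const sig = alice.sign(c1);
  const ok = server.finishLogin('alice', sig);      // valid signature over c1
  server.startLogin('alice');                       // new attempt, new challenge
  const replay = server.finishLogin('alice', sig);  // old signature, wrong challenge
  const c3 = server.startLogin('alice');
  const wrongKey = server.finishLogin('alice', other.sign(c3));
  return { ok, replay, wrongKey };
}
```

The server only ever stores the public key, so a leak of its credential table gives nothing that can sign a future challenge.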

How do the Web Auth API and Credentials Management API address the "manage across multiple client devices" issue?

Useless unless browsers get their act together and encrypt their autocomplete data. I would never trust any API loosely associated with it.