Y
Hacker News
new
|
ask
|
show
|
jobs
by
mmis1000
417 days ago
If you read the proposal carefully. this api is used to refresh/revalidate extremely short lived cookie. not replace cookie itself. Which you can already do with webauthn
2 comments
nicce
417 days ago
Maybe there is an assumption that this is easier to push through for masses because the UX is better. (no phone, no physical key required)
link
ximm
417 days ago
Webauthn always requires a user presence check though.
link
mmis1000
417 days ago
Seems the whole proposal exists solely because they are unwilling to add a "silence" option to webauthn. I am confused about the decision though.
https://github.com/w3c/webauthn/issues/199#issuecomment-2669...
link