You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
At WWDC 24 this week Apple debuted macOS Sequioa Dev Beta 1, which includes Safari 18.0 Beta. According to the WebKit blog, Safari 18.0 Beta supports "conditional create" added to WebAuthn L3. This is what Apple is referring to when it mentions "automatic passkey upgrades."
This new capability allows an RP to "silently" trigger a passkey registration after a successful traditional authentication (i.e. username+password auth) without the user needing to click through any browser modals. From that point on the RP could switch the user to passkeys at the next login.
Supporting this isn't much different than supporting conditional UI during auth; it's an otherwise normal call to navigator.credentials.create() with some specific options passed in. I can easily add such a capability to @simplewebauthn/browser's startRegistration() method similar to how I added conditional UI support with startAuthentication(..., true).
Additional Resources
Safari flow chart for when an RP can trigger conditional create:
a few months ago, I was trying to implement the conditional UI flow with the browser package, but I wasn't able to get it working properly without eventual fails.
As you described here, we should add the startAuthentication workflow in the head section or let the UI wait some n seconds, is this workaround still required, or are there any better solutions, because I find it quite unpleasant to implement the startAuthentication in the head section or wait n seconds 😞
Describe the issue
At WWDC 24 this week Apple debuted macOS Sequioa Dev Beta 1, which includes Safari 18.0 Beta. According to the WebKit blog, Safari 18.0 Beta supports "conditional create" added to WebAuthn L3. This is what Apple is referring to when it mentions "automatic passkey upgrades."
This new capability allows an RP to "silently" trigger a passkey registration after a successful traditional authentication (i.e. username+password auth) without the user needing to click through any browser modals. From that point on the RP could switch the user to passkeys at the next login.
Supporting this isn't much different than supporting conditional UI during auth; it's an otherwise normal call to
navigator.credentials.create()
with some specific options passed in. I can easily add such a capability to @simplewebauthn/browser'sstartRegistration()
method similar to how I added conditional UI support withstartAuthentication(..., true)
.Additional Resources
Safari flow chart for when an RP can trigger conditional create:
The text was updated successfully, but these errors were encountered: