You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
since this specification requires an authorization gesture to create any credentials,
is still true.
However we could tie things together better by rephrasing the authenticator operations a bit, since they currently don't reference the "authorization gesture" term at all.
given that we have the notions of effective user verification requirement for credential creation and effective user verification requirement for assertion, we ought to grep thru the spec for places where authorization gesture is mentioned and ensure that it is being employed accurately. For example, in section 5.1.4. Use an Existing Credential to Make an Assertion - PublicKeyCredential’s [[Get]](options) Method, there is this claim:
..which I do not believe is true any longer.
The text was updated successfully, but these errors were encountered: