Caniuse: Web Authentication (webauthn)

+1

bump

WebAuthn 5th working draft revision (WD-05) is an informal "implementors draft"
http://identitymeme.org/archives/2017/05/07/web-authentication-working-draft-rev-5-wd-05/

FYI: Intent to implement and ship: Web Authentication (Mozilla, 14 Nov 2016)
https://lists.w3.org/Archives/Public/public-webauthn/2016Nov/0177.html

Edge is implementing WD-05
https://lists.w3.org/Archives/Public/public-webauthn/2016Nov/0177.html

Intent to Implement: Web Authentication API for Chrome
https://groups.google.com/a/chromium.org/forum/#!searchin/blink-dev/authentication/blink-dev/qCJhuuZH5p0/le6l1t37AQAJ

+1 (and please add it in the Security category, not Other).

Enabled by default in FIrefox 60; https://hacks.mozilla.org/2018/01/using-hardware-token-based-2fa-with-the-webauthn-api/

+1

It's now a W3C Candidate Recommendation

https://www.w3.org/TR/webauthn/

Also to follow on GitHub: https://github.com/w3c/webauthn

There is a press release: https://www.w3.org/2018/04/pressrelease-webauthn-fido2.html.en

It will be enabled by default in chrome 67? https://groups.google.com/a/chromium.org/forum/m/#!msg/blink-dev/o9RU6Vv0xeM/EGnQOExbAAAJ

https://www.theverge.com/2018/4/10/17215406/webauthn-support-chrome-firefox-edge-fido-password-free

This should probably replace FIDO1 that is currently on CanIUse… (WebAuth was originally FIDO2)

@dstorey Do you mean: https://caniuse.com/#feat=u2f ?

I would not _replace_ https://caniuse.com/#feat=u2f with webauthn -- rather keep them both. at some point chrome will deprecate u2f but that will not be occurring right away.

It would really be nice to get webauthn aka "Web Authentication" to be listed on CanIUse, pretty please :)

+1

Yes we need to get webauthn up there.

Now available at https://caniuse.com/#feat=webauthn

@fryd This isn't correct. Edge supports WebAuth since EdgeHTML13, just with an earlier draft syntax.
You can see for example the HTML5Test detection that keys off the old syntax http://html5test.com/compare/feature/security.authentication.html
The version of the spec we supported was webauthn-20170216

…while EdgeHTML18 has just been updated to support the final syntax and remove the old one.

@dstorey Thanks, will update. Do you expect it to no longer be behind a flag for EdgeHTML18?

The final version won't be behind a flag in 18. The current version using Navigator.authentication et al isn't behind a flag already (which is why HTML5test picks it up)

sorry, I meant msCredentials on window. There have been so many versions :D I think navigator.authentication might be behind a flag in Edge17. Will need to test

Okay, well let me know what you think of how it appears now, feel free to submit a PR with any corrections if necessary. :)

I think the other versions should be at least partial, as a prefixed enabled version is partially implemented. Functionality wise they're the same.

For completeness: it’s been available in Firefox via the security.webauth.webauthn flag since 57. (It was there in 56, but comparatively useless as U2F support hadn’t landed yet, so it was soft tokens only, if I recall correctly.)

This should also probably cover if U2F and/or biometrics too. Not sure what the other browsers support.

I would not _replace_ https://caniuse.com/#feat=u2f with webauthn -- rather keep them both. at some point chrome and firefox will deprecate u2f but that will not be occurring right away.

It would really be nice to get webauthn aka "Web Authentication" to be listed on CanIUse, pretty please :)

It would really be nice to get webauthn aka "Web Authentication" to be listed on CanIUse, pretty please :)

It's already online? https://github.com/Fyrd/caniuse/issues/2423#issuecomment-387959421

Thanks all for getting it up there!!