I'm interested in leveraging WebAuthn for an App that uses a web view for authentication. One of the open questions I'm grappling with is "what's the experience difference between WebAuthn on mobile vs. a native app experience?"
The biggest difference in usability that I'm able to see from a few demos is in the authentication experience (the registration experience seems pretty similar).
In the WebAuthn mobile experience, a user is prompted with "Do you want to sign in to 'XYZ@test.com' using a saved account?" with two options (one for a saved account and the second being "Account from Security Key"). I'd imagine this is different from mobile native experiences which immediately prompt Face/TouchID (less steps / friction).
Is there any way to prevent / suppress that screen? For example, if I update my request to not support security keys, would a user skip the "account / security key" prompt and default to Face/TouchID (assuming there was only one registered account)? Or would iOS still default to this prompt and a user would select his/her account?
The biggest difference in usability that I'm able to see from a few demos is in the authentication experience (the registration experience seems pretty similar).
In the WebAuthn mobile experience, a user is prompted with "Do you want to sign in to 'XYZ@test.com' using a saved account?" with two options (one for a saved account and the second being "Account from Security Key"). I'd imagine this is different from mobile native experiences which immediately prompt Face/TouchID (less steps / friction).
Is there any way to prevent / suppress that screen? For example, if I update my request to not support security keys, would a user skip the "account / security key" prompt and default to Face/TouchID (assuming there was only one registered account)? Or would iOS still default to this prompt and a user would select his/her account?