*** This bug has been marked as a duplicate of bug 219823 ***

(In reply to Jiewen Tan from comment #1) > > *** This bug has been marked as a duplicate of bug 219823 *** @Jiewen: Thank you for triaging this ticket. Are you sure this is a complete duplicate? From reading the patch in bug 219823 it looks to me as the change only affects the *default* browser. My request was to support it in any WKWebView based browsers or apps.

(In reply to Urs Wolfer from comment #2) > (In reply to Jiewen Tan from comment #1) > > > > *** This bug has been marked as a duplicate of bug 219823 *** > > @Jiewen: Thank you for triaging this ticket. Are you sure this is a complete > duplicate? From reading the patch in bug 219823 it looks to me as the change > only affects the *default* browser. My request was to support it in any > WKWebView based browsers or apps. We currently aren't considering opening this API for all WKWebViews. If you are going to use a web view to do WebAuthn, I would suggest you to use either ASWebAuthenticationSession or SFSafariViewController.

(In reply to Jiewen Tan from comment #3) > We currently aren't considering opening this API for all WKWebViews. If you > are going to use a web view to do WebAuthn, I would suggest you to use > either ASWebAuthenticationSession or SFSafariViewController. Are you not considering opening this API because of security concerns? If yes, would it be an idea to only enable the API for "app bound domains" (AFAIK you already enable other security relevant APIs when "app bound domains" is configured). Using either ASWebAuthenticationSession or SFSafariViewController is probably possible, but from a UX point of view not the nicest solution in all cases.