Allow remote desktop clients to execute WebAuthn requests on behalf of another origin so that users browsing on a remote desktop host or virtual machine can use WebAuthn in those environments.

Motivation

Users may want to browse websites that require WebAuthn for authentication on a computer that they can't access physically, like a remote desktop server or a virtual machine. If the remote desktop client is a native app, they can potentially accomplish this already by forwarding raw device access to a USB security key from the local machine to the remote one. This isn't possible for web-based clients however. This feature would enable a web-based remote desktop client, that is explicitly trusted by the user or their enterprise administrator, to make WebAuthn requests on behalf of another site authenticating the user on a remote host.

Specification

Specification link


Proposal in a personal repository, no adoption from community

Status in Chromium

Blink>WebAuthentication


No active development

Consensus & Standardization

After a feature ships in Chrome, the values listed here are not guaranteed to be up to date.

  • No signal
  • No signal
  • No signals

Owner

Intent to Prototype url

Intent to Prototype thread

Last updated on 2022-04-06