Closed mahnunchik closed 1 year ago
MasterKale
commented
1 year ago SimpleWebAuthn manages its own use of AbortController, what is an example of a scenario in which this is insufficient? You mention the user hitting the back button, are we talking a basic server-rendered website? A single-page app? If the browser doesn't cancel the WebAuthn call on a navigation event then I'm not sure how specifying a custom instance of an abort controller would be helpful here.
mahnunchik
commented
1 year ago I'm working on single-page app (web, electron). User can leave registration/authentication view (cancel action). Of course, after the timeout registration/authentication process will be cancelled, but it would be useful to be able to cancel it from the app.
MasterKale
commented
1 year ago I've created #449 that will offer a new WebAuthnAbortService import from @simplewebauthn/browser. This service singleton will have a cancelCeremony() method that can be called at any time to cancel any in-flight WebAuthn ceremony started with startRegistration() or startAuthentication().
Take a look and let me know if you think this will offer the escape hatch you're hoping for.
mahnunchik
commented
1 year ago This is exactly what I need for the current project.
MasterKale
commented
1 year ago WebAuthnAbortService.cancelCeremony() is now available as of @simplewebauthn/browser@8.3.0 ✌️
martpet
commented
6 months ago I would like to supply my own AbortSignal to startRegistration() as I want to reuse it in fetch calls to /options and /verify.
Describe the issue
There is no way to stop registration/authentication process. This is necessary when the user canceled an action in the UI, for example, pressed the back button.
Expected behavior
Dependencies
SimpleWebAuthn Libraries
Latest version
Additional context
AbortControlleris used inside library but there is no option to specify it outside.