Re: [webauthn] RPs cannot show "You've Already Registered This Authenticator" Message from Adam Langley via GitHub on 2018-02-16 (public-webauthn@w3.org from February 2018)

From: Adam Langley via GitHub <sysbot+gh@w3.org>
Date: Fri, 16 Feb 2018 21:30:43 +0000
To: public-webauthn@w3.org
Message-ID: <issue_comment.created-366363960-1518816642-sysbot+gh@w3.org>

I think some of the confusion here might be from looking at the public draft of CTAP2. In the [2017-09-27 version](https://fidoalliance.org/specs/fido-v2.0-rd-20170927/fido-client-to-authenticator-protocol-v2.0-rd-20170927.html) it says:

> If the excludeList parameter is present and contains a credential ID that is present on this authenticator, terminate this procedure and return error code CTAP2_ERR_CREDENTIAL_EXCLUDED.

I.e. don't wait for user presence. Sounds like that's been fixed since then and browsers could return the error directly.

-- 
GitHub Notification of comment by agl
Please view or discuss this issue at https://github.com/w3c/webauthn/issues/806#issuecomment-366363960 using your GitHub account

Received on Friday, 16 February 2018 21:30:47 UTC