- From: Emil Lundberg via GitHub <sysbot+gh@w3.org>
- Date: Wed, 17 Apr 2019 11:11:09 +0000
- To: public-webauthn@w3.org
This is currently possible to do by replacing an existing credential, by performing a new registration ceremony with the same `user.id` but omitting the credential to be replaced from `excludeCredentials`. But I agree it could be done more smoothly if it didn't require an additional ceremony invocation just to replace the credential metadata. I guess one of the best options for how to do this would probably be an authentication extension? On the other hand, though: would this risk users getting confused when credential names suddenly change with little or no warning? How big a deal would that be? -- GitHub Notification of comment by emlun Please view or discuss this issue at https://github.com/w3c/webauthn/issues/1200#issuecomment-484040150 using your GitHub account
Received on Wednesday, 17 April 2019 11:11:10 UTC