Re: [webauthn] Clarify how a user can authenticate from multiple devices (#151)

After reading this thread, I'm still left with a question of what to do with the second browser. Consider a user who has successfully registered the internal authenticator (Touch ID, Face ID, etc.) with my server. When this user visits the log-in page on a different device and provides his/her/zer identifier (email address), the app is confronted with a choice of which authentication strategy to pursue, webauthn being one of them. The email address is sent up to the server, the user is looked up, and, at the moment, I'm using the presence of the public key to indicate that we should try webauthn. I don't see a way to associate the public key with the originating device. If we had an identifier for the authenticator that could be stored during registration and sent with the email address to the server, we could decide to pursue a different strategy. As it stands, I'm left trying to parse different failures in order to figure out the best course of action.

-- 
GitHub Notification of comment by knightcode
Please view or discuss this issue at https://github.com/w3c/webauthn/issues/151#issuecomment-901268662 using your GitHub account


-- 
Sent via github-notify-ml as configured in https://github.com/w3c/github-notify-ml-config

Received on Wednesday, 18 August 2021 16:48:08 UTC
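
One way to make the server-side choice described in the comment above, as an added example that is not part of the original message or of the WebAuthn specification: the server keeps each credential's ID and the transports reported at registration (`getTransports()`), and the browser sends back a credential ID it saved locally when it registered. The function name, the `credentialHint` parameter, the record shape and the sample users are assumptions made for illustration.

```javascript
// Added example. chooseLoginStrategy, credentialHint and the record shape are
// hypothetical; the user records below are constructed sample data.
const users = new Map([
  ["alice@example.com", { credentials: [
    { id: "cred-laptop-touchid", transports: ["internal"] },
  ] }],
  ["bob@example.com", { credentials: [
    { id: "cred-phone-faceid", transports: ["internal"] },
    { id: "cred-security-key", transports: ["usb", "nfc"] },
  ] }],
  ["carol@example.com", { credentials: [] }],
]);

// credentialHint: the credential ID this browser stored (for example in
// localStorage) after registering; undefined on a device that never registered.
// The hint is untrusted input. It only selects which flow to offer; the signed
// assertion is still what authenticates the user.
function chooseLoginStrategy(email, credentialHint) {
  const user = users.get(email);
  // Unknown users and users without credentials get the same answer, so the
  // response does not reveal whether an account exists.
  if (!user || user.credentials.length === 0) {
    return { strategy: "fallback", allowCredentials: [] };
  }
  // Usable on this device: the credential this device registered, any roaming
  // authenticator, and credentials whose transports were never recorded.
  const usable = user.credentials.filter((c) =>
    c.id === credentialHint ||
    c.transports.length === 0 ||
    c.transports.some((t) => t !== "internal"));
  if (usable.length === 0) {
    // Only platform credentials bound to other devices exist.
    return { strategy: "fallback", allowCredentials: [] };
  }
  return {
    strategy: "webauthn",
    // Real PublicKeyCredentialDescriptor ids are binary; strings are used
    // here to keep the sample readable.
    allowCredentials: usable.map((c) => ({
      type: "public-key", id: c.id, transports: c.transports,
    })),
  };
}
```
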