Re: [webauthn] Can RPs assume that `InvalidStateError` for `create()` means an excludeCredentials match? (#1566)

> It's important that the registration of a trusted device does not turn a user without "normal 2FA" into a 2FA user, because we want this feature to be low-friction and only "value added". 

Far be it that I get in the middle of this thread (and the complexity WebAuthn has spawned), but if there is no intent to implement FIDO for its _raison d'etre_, why bother implementing it at all?

GitHub Notification of comment by arshadnoor
Please view or discuss this issue at using your GitHub account

Sent via github-notify-ml as configured in

Received on Saturday, 20 February 2021 00:11:28 UTC