Re: [webauthn] webauthn - API need to know the registration status of an platform authenticator (#1639) from Manish Khedawat via GitHub on 2021-07-06 (public-webauthn@w3.org from July 2021)

From: Manish Khedawat via GitHub <sysbot+gh@w3.org>
Date: Tue, 06 Jul 2021 16:38:33 +0000
To: public-webauthn@w3.org
Message-ID: <issue_comment.created-874914061-1625589511-sysbot+gh@w3.org>

Awesome. Looks like autocomplete will sort things out.

> If you know who the user is, then you have state (e.g. cookies). If you have such state then you can record whether the user signed in with WebAuthn initially. If so, then you should request an assertion and pass all the credential IDs for that user. It's possible that they deleted the applicable credential since signing in, but that seems like a very narrow case.

On a general day, Yes a narrow case. But during the OS upgrade season, it is not.  In our recent Big Sur migration, we saw many examples where the platform authenticator broke but cookies were intact. I hope that also gets stable over time.


-- 
GitHub Notification of comment by mkkhedawat
Please view or discuss this issue at https://github.com/w3c/webauthn/issues/1639#issuecomment-874914061 using your GitHub account


-- 
Sent via github-notify-ml as configured in https://github.com/w3c/github-notify-ml-config

Received on Tuesday, 6 July 2021 16:38:34 UTC